Report to the Governor, Lt. Governor
and Speaker of the House of Representatives
VOLUME I
Submitted by
THE TEXAS STATE BOARD OF PUBLIC ACCOUNTANCY
November 11, 2004
1
[THIS PAGE DELIBERATELY LEFT BLANK]
2
TABLE OF CONTENTS
1.0. EXECUTIVE SUMMARY .................................................................................................................................5
1.1.
1.2.
1.3.
1.4.
1.5.
DEFINITION OF PUBLIC INTEREST ENTITIES ............................................................................................5
GENERAL CONCLUSIONS ..........................................................................................................................6
DEVELOPMENT OF RESPONSIBILITY TABLE ............................................................................................6
RECOMMENDATIONS .................................................................................................................................7
TSBPA ADOPTION OF REPORT .................................................................................................................7
STATUTORY AND REGULATORY RESPONSIBILITY TABLE FOR PUBLIC INTEREST ENTITIES....8
2.0. BACKGROUND................................................................................................................................................11
2.1.
2.2.
THE TSBPA’S TASK FORCE ....................................................................................................................11
THE ACCOUNTING PROFESSION IN TEXAS .............................................................................................12
3.0. SARBANES-OXLEY ACT ISSUES ................................................................................................................13
4.0. TASK FORCE PROCESS ................................................................................................................................14
5.0. SOX REQUIREMENTS, RESTRICTIONS ...................................................................................................15
ON PUBLIC INTEREST ENTITIES AND OTHER ACTIONS NEEDED.........................................................15
5.1.
5.2.
5.3.
5.4.
5.5.
5.6.
5.7.
THE NATIONAL ASSOCIATION OF STATE BOARDS OF ACCOUNTANCY. ................................................16
ACTIONS WITHIN OTHER STATES ..........................................................................................................17
THE AMERICAN ASSEMBLY REPORT ......................................................................................................18
VOLUNTARY ADOPTION ..........................................................................................................................19
REQUESTS FOR INPUT FROM PUBLIC INTEREST ENTITIES .....................................................................20
THE PUBLIC FORUM ................................................................................................................................22
THE TEXAS SOCIETY OF CPAS ...............................................................................................................23
6.0. GENERAL ACCOUNTING OFFICE STUDY AND REPORT ...................................................................24
7.0. TSBPA RULES AND ANALYSIS OF SOX PROVISIONS..........................................................................25
7.1.
THE PUBLIC ACCOUNTANCY ACT AND TSBPA RULES..........................................................................25
7.2.
ANALYSIS OF SOX PROVISIONS ..............................................................................................................26
7.2(a).
SOX Sec. 101-109...........................................................................................................................26
7.2(a)(1). Independence................................................................................................................................27
7.2(a)(2). Ethics Education...........................................................................................................................27
7.2(a)(3). Continuing Education...................................................................................................................27
7.2(a)(4). Registration and Peer Review ......................................................................................................27
7.2(a)(5). Enforcement .................................................................................................................................28
7.2(b).
SOX Sec. 201. Non-audit service restrictions...............................................................................28
7.2(c).
SOX Sec. 202. Audit committee pre-approval of non-prohibited outside auditor services .........29
7.2(d).
SOX Sec. 203. Rotation of lead and reviewing audit partner ......................................................29
7.2(e).
SOX Sec. 204. Requirement of audit firm to report on specific items to audit committee (or its
equivalent). ........................................................................................................................................................29
7.2(f).. SOX Sec. 206. Restrictions on hiring of key member of outside audit team (1-year coolingoff period)
...........................................................................................................................................................................29
7.2(g).
SOX Sec. 207. GAO study on audit firm rotation ........................................................................30
7.2(h).
SOX Sec. 209. State Board consideration ....................................................................................30
7.2(i).
SOX Sec. 404. Reporting on internal controls. ............................................................................30
7.2(j).
SOX Sec. 802. Criminal penalties for altering documents and 5 year retention of audit
workpapers. .......................................................................................................................................................30
7.2(k).
SOX Sec. 806. Whistleblower protection. .....................................................................................31
7.2(l).
SOX Sec. 1102. Criminal penalties for altering documents. .......................................................31
7.2(m).
SOX Sec. 1107. Whistleblower protection. ...................................................................................31
3
7.3.
ACTION ITEM FOR THE TEXAS LEGISLATURE. ......................................................................................31
7.3(a).
SOX Sec. 303. Unlawful for officer or director to fraudulently influence, coerce, manipulate or
mislead outside auditor. ....................................................................................................................................31
8.0. COST OF COMPLIANCE ...............................................................................................................................32
9.0. CONCLUSION ..................................................................................................................................................34
9.1.
RECOMMENDATIONS. ..............................................................................................................................34
ATTACHMENTS
(Located in Volume II)
ATTACHMENT 1
ATTACHMENT 2
ATTACHMENT 3
ATTACHMENT 4
ATTACHMENT 5
ATTACHMENT 6
ATTACHMENT 7
ATTACHMENT 8
ATTACHMENT 9
ATTACHMENT 10
ATTACHMENT 11
ATTACHMENT 12
ATTACHMENT
ATTACHMENT
ATTACHMENT
ATTACHMENT
13
14
15
16
ATTACHMENT
17
Sarbanes-Oxley Act of 2002
“Sarbanes-Oxley’s Compliance Conundrum”, United Press International May 7,
2004
Texas State Board Report, October 2003, Vol. 80
“NASBA Regional Director’s Report”, November 2003
NASBA Discussion Memorandum “Answering the SOX Challenge – Guidelines for
State Boards of Accountancy”, September 30, 2003
“The Future of the Accounting Profession” American Assembly Report, 103rd
American Assembly, Columbia University, November 11-13, 2003
“The Sarbanes-Oxley Act of 2002: Recommendations for Higher Education”, Advisory Report 2003-3, National Association of College and University Business Officers, November 20, 2003
Matrix of SOX provisions sent to PIEs
PIE responses
Parties that submitted either written or oral testimony
Written comments and matrices received from public forum attendees
“A Report to Senate Committee on Banking, Housing and Urban Affairs and the
House Committee on Financial Services,” General Accounting Office, November
2003
Board Rule 519.6 (Subpoenas)
Board Rule 519.43 (Emergency Suspension)
Board Rule 519.8 (Administrative Penalties)
Board Rule 519.7 (Misdemeanors that Subject a Certificate or License Holder to
Discipline by the Board)
“Section 404 Could Cost Big Companies $4.6 Million or More” Accounting WEB,
February 13, 2004
4
Report to the Governor, Lt. Governor
and Speaker of the House of Representatives
Implementation of the Sarbanes-Oxley Act in Texas
The Texas State Board of Public Accountancy shall report to the governor, the lieutenant
governor, and the speaker of the house of representatives, not later than December 31, 2004,
regarding:
(1) the requirements of the federal Sarbanes-Oxley Act (Pub. L. No. 107-204), including any restrictions on public interest entities, and any legislation or other action needed to
conform state law to the requirements of that Act;
(2) the federal General Accounting Office study on audit firm rotation and any legislation or other action needed to conform state law to the findings of that study; and
(3) the rules adopted by the board that are intended to comply with the federal standards described by Subdivisions (1) and (2) of this section and the board's actions in implementing and enforcing those rules.
Public Accountancy Act, Sec. 29
1.0. EXECUTIVE SUMMARY
In response to Sec. 29 of the Public Accountancy Act, the Texas State Board of Public Accountancy (TSBPA) formed a task force to develop recommendations for the TSBPA to consider
in making its report in accordance with Sec. 29’s requirements. The task force studied the Sarbanes-Oxley Act of 2002 (SOX, or the Act) and considered relevant activities of other states and
regulatory bodies, existing studies and other relevant information. The task force received input
from selected associations and regulators of public interest entities (PIEs) and held a public forum during which it received input from interested parties. The task force’s objective was to develop recommendations for the TSBPA that strike an appropriate balance between safeguarding
the public’s interest while promoting a sound Texas business climate, which also is in the public
interest.
1.1.
Definition of Public Interest Entities.
For purposes of this report, the task force defined PIEs as:
Those entities whose audited financial statements are relied upon by
significant numbers of stakeholders to make investment, credit, or similar decisions (e.g., in the case of a publicly held company) or by regulators in their oversight role (e.g., in the case of pension plans, banks, insurance companies, and school districts), and therefore, the potential extent of harm to the public from an audit failure involving one of these
entities would generally be significant.
5
1.2.
General Conclusions.
The TSBPA cautions against state-by-state application of SOX-type legislation to public interest entities or to other non-publicly held entities as this is likely to be confusing for businesses
operating in multiple states, complicate uniformity of enforcement, and increase costs to the
Texas consumer as compared to consumers in other states. The task force found that many PIEs
and their auditors are already subject to national standards or regulations that apply to Texas
PIEs. Additionally, the TSBPA cautions that adoption of any particular SOX-type provision
should not be presumed preferable to declining adoption. Rather, each provision should be
evaluated considering the resultant protection provided to the public versus the cost and other
negative impacts of the provision’s adoption, as well as the size of the entity affected.
The TSBPA does not believe there should be an additional layer of regulation for public interest entities outside their respective regulatory agencies or bodies. However, the TSBPA does
recommend that existing regulatory bodies of PIEs should review and adopt appropriate SOX
provisions, where applicable, related to the governance and management functions of the PIEs
for which these regulatory bodies are responsible. A tool to assist the PIEs in their review has
been developed. Entitled “Statutory and Regulatory Responsibility Table for Public Interest Entities,” the table is discussed in this report. Each state agency that regulates PIEs should be required to formally address and report on its review of the SOX provisions indicated in the table.
Regulations related to the CPA should remain the responsibility of the TSBPA. Under the
Texas Public Accountancy Act (PAA), the TSBPA has the authority to implement all SOX-type
provisions applicable to CPAs through its rulemaking process. In fact, all SOX provisions have
been thoroughly considered and are discussed in this report. Rule review is an ongoing process,
and the TSBPA will continue to monitor the situation and implement rule changes as they are
needed.
Consistent with the General Accounting Office (GAO)1 study and report, the TSBPA does
not recommend mandatory audit firm rotation.
The TSBPA does recommend potential legislation consistent with SOX Sec. 303 making it
illegal for an officer, director or persons directed by them to fraudulently influence, coerce, manipulate, or mislead an independent public accounting firm performing an audit for PIEs in
Texas. Existing statutes that are aimed at preventing fraudulent behavior should be reviewed to
determine whether they are sufficient to cover such conduct caused by non-CPAs who are not
within the TSBPA’s jurisdiction. We also believe it to be appropriate to provide penalties for
such actions which are consistent with those in Chapter 26 of the PAA. This will result in felony
penalties consistent with those of CPAs in Texas. Additionally, the Legislature should consider
providing the TSBPA with the statutory authority to refer to the appropriate prosecutorial authority information on activities that appear to constitute criminal conduct or violation of a statute in
Chapter 31, Theft, or Chapter 32, Fraud, Texas Penal Code, by individuals other than CPAs..
1.3.
Development of Responsibility Table.
Using the input received from the regulatory bodies, public interest entities, and other interested parties, the task force developed a table to identify the appropriate oversight body to consider each of the SOX provisions. The SOX Statutory and Regulatory Responsibility Table details each of the relevant SOX provisions and recommends the regulatory body that should consider adoption, oversight and enforcement of those provisions.
1
Effective July 7, 2004, the General Accounting Office’s legal name became the Government Accountability Office.
6
In making its recommendation, the task force considered whether the particular SOX provision related to regulation of the CPA or regulation of the entity. Those provisions that relate to
the CPA were assigned to the TSBPA. Those provisions relating to entity governance and management were assigned to other regulating bodies, as deemed appropriate. If a recommended
provision requires legislative action, the task force assigned that responsibility to the Texas
Legislature.
Evaluators should consider the intent of each provision, rather than the specific wording. For
example, Sec. 202 refers to audit committee pre-approval of certain services. Many entities do
not have audit committees, and that function rests elsewhere, probably with its board or finance
committee. Therefore, a regulatory body that concludes pre-approval of the auditor’s services
should be required might require pre-approval of such services by the entity’s board or its designee other than management. This approach accomplishes the intent of the provision without
mandating the existence of an audit committee.
It should not be presumed that each provision is automatically applicable. Any adoption
should consider the preference for uniformity with national standards and the appropriateness of
the provision while considering such elements as size of the entity, the provision’s cost, and
other negative impacts of such a requirement versus the resultant protection provided to the public.
The SOX Statutory and Regulatory Responsibility Table begins on page 8.
1.4.
Recommendations.
In summary, the TSBPA:
1. cautions against state-by-state implementation of SOX-type legislation on public interest
entities or on other non-publicly held entities;
2. recommends that existing regulatory bodies in Texas review relevant SOX provisions as
identified in the Statutory and Regulatory Responsibility Table [pages 8-10 of this report]
to determine which, if any, provisions or their objectives are appropriate for the regulatory bodies’ respective jurisdiction; and
3. recommends potential legislation consistent with SOX Sec. 303 making it illegal for an
officer, director, or persons directed by them to fraudulently influence, coerce, manipulate, or mislead an independent public accounting firm performing an audit for PIEs in
Texas to be accomplished by:
a. reviewing existing statutes to determine whether they are sufficient to cover such
conduct caused by non-CPAs who are not within the TSBPA’s jurisdiction;
b. adopting penalties for such actions which are consistent with those in Chapter 26 of
the PAA; and
c. providing the TSBPA with the statutory authority to refer to the appropriate prosecutorial authority information on activities that appear to constitute criminal conduct or
violation of a statute in Chapter 31, Theft, or Chapter 32, Fraud, Texas Penal Code,
by individuals other than CPAs.
1.5.
TSBPA Adoption of Report.
The TSBPA reviewed the work of the task force and adopted this report at its November 11,
2004 meeting. Attachments to the report are contained in Volume II. The Texas State Board of
Public Accountancy submits this report in accordance with Sec. 29 of the Public Accountancy
Act and encourages the implementation of the recommendations contained within this report.
7
Sarbanes-Oxley Act Provisions
Statutory and Regulatory Responsibility Table for Public Interest Entities
The following table identifies relevant provisions of the Act and assigns responsibility for determining if similar regulations should be adopted. (Omitted Act sections are not considered pertinent to PIEs.) Evaluations should consider the
intent of each provision, the size of the entity affected, the provision’s cost, and other negative impacts of adoption versus the resultant protection of the public. Evaluators should not presume that adoption of a particular provision is more
preferable than declining adoption.
SARBANES OXLEY ACT PROVISIONS
Sec.
No.
Applicable Description
RESPONSIBILITY OF
Texas State Board of
Public Accountancy
Existing
Regulatory Agency
or Body
General Provisions:
(1) auditing, quality control, independence and ethics
101109 (2) registration and inspection of public
X
accounting firms
(3) investigations and disciplinary proceedings
201
202
203
X
Non-audit service restrictions
Audit committee (or its equivalent)
pre-approval of non-prohibited outside
auditor services
Rotation of lead and
reviewing audit partner
X
X
204
Requirement of audit firm
to report on specific items to audit
committee (or its equivalent)
X
206
Restrictions on hiring of key member
of outside audit team
(1 year cooling off period)
X
207
209
X
X
X
GAO study on audit firm rotation
State Board consideration
Audit committee
(or its equivalent) responsibilities):
301
(1) Hire and compensate outside auditors
(2) Comprised of independent directors
X
(3) Establish procedures for complaints,
audit, accounting, and internal control
matters
(4) Hire independent advisors and
counsel
8
Texas
Legislature
Sarbanes-Oxley Act Provisions
Statutory and Regulatory Responsibility Table for Public Interest Entities
(Continued)
SARBANES OXLEY ACT PROVISIONS
Sec.
No.
Applicable Description
RESPONSIBILITY OF
Texas State Board of
Public Accountancy
Existing
Regulatory Agency
or Body
Texas
Legislature
CEO & CFO must certify their primary
responsibility for::
(1) review of the financial statements
302
(2) no known misrepresentations within
financial statements
X
(3) materially correct financial statements
(4) establishment and maintenance of
internal controls
(5) required financial statement disclosures
303
Unlawful for officer or director
to fraudulently influence, coerce,
manipulate, or mislead outside auditor
X
401
Forfeiture of bonus and profits: If a
material misstatement occurs as a result
of their misconduct, CEO and CFO must
reimburse bonuses and incentive pay
from prior 12 months
Enhanced financial disclosures
X
402
Prohibition against personal loans to
director, CEO, and CFO (or equivalent)
X
304
X
Internal Controls (I/C):
X
(1) annual report contains I/C report detailing responsibility of management for
establishing and maintaining adequate
I/C and procedures for financial reports
404
(2) Independent auditor attests to and
reports on I/C assessment by management
X
(a) requirements for outside auditors
(b) requirements for audited entity
X
406
Requirement of disclosure of company
code of ethics for senior management
X
407
Requirement of at least one
"financial expert" on audit committee
X
9
Sarbanes-Oxley Act Provisions
Statutory and Regulatory Responsibility Table for Public Interest Entities
(Continued)
SARBANES OXLEY ACT PROVISIONS
Sec.
No.
Applicable Description
RESPONSIBILITY OF
Texas State Board of
Public Accountancy
Existing
Regulatory Agency
or Body
X
X
X
X
806
901905
Criminal penalties for altering
documents and 5-year retention
of audit workpapers
Whistleblower protection
Strengthens criminal penalties for acts
regarding financial statement
certification
906
Corporate responsibility
for financial reports
X
1001
CEO, in addition to preparer of income
tax returns, signs the corporate income
tax or information returns
X
802
X
X
1105
Criminal penalties
for altering documents
Prohibition from serving
as officers and directors
1107
Whistleblower protection
X
1102
X
X
10
X
Texas
Legislature
2.0. BACKGROUND
The 78th Texas Legislature, Regular Session, in 2003 directed the TSBPA to report to the
Governor, Lt. Governor, and Speaker of the House of Representatives on the mandates of Sec. 29
of the new Public Accountancy Act. This section requires the TSBPA to study and recommend
appropriate SOX-like provisions in its report on “the requirements of the federal Sarbanes-Oxley
Act (Pub. L. No. 107-204), including any restrictions on public interest entities, and any legislation or other action needed to conform state law to the requirements of that Act.” [See SarbanesOxley Act of 2002 [ATTACHMENT 1.]] Additionally, the TSBPA is to report on the GAO study
on audit firm rotation and any legislation or other action necessary to conform state law to that
study, as well as TSBPA rules adopted which are intended to comply with SOX legislation.
2.1.
The TSBPA’s Task Force.
Billy M. Atkinson, CPA, the TSBPA’s presiding officer, formed a task force to assist the
agency in carrying out the Sec. 29 mandate. The task force was charged not only with developing recommendations that safeguard the public’s interest while protecting a sound Texas
business climate, but also with determining what entities should be defined as “public interest
entities” (PIEs) and determining which SOX provisions pertain to them.
The task force is comprised of four regulators (TSBPA members); eight CPA non-TSBPA
members with diverse backgrounds who are professionals in various industries and academia,
representatives of the National Association of State Boards of Accountancy (NASBA), the
American Institute of Certified Public Accountants (AICPA), and the Texas Society of CPAs
(TSCPA). These individuals contributed significant time and resource to this effort to safeguard
the public interest. Members of the task force are:
TSBPA
Task Force Members
Other
Task Force Members
Melanie G. Thompson, CPA, chair
Billy M. Atkinson, CPA, ex officio
David D. Duree, CPA
Paula M. Mendoza
Sam Cotterell, CPA
Kenneth Dakdduk, CPA
Ygnacio D. Garza CPA
Phillip D. Green, CPA
Jennifer E. Hilton, CPA
Gary D. McIntosh, CPA
Robert R. Owen, CPA
Jerry R. Strawser, CPA
11
TSBPA Staff
William Treacy
James Hamilton, CPA
2.2.
The Accounting Profession in Texas.
Both CPAs and CPA firms must be licensed by the state of Texas. As of August 31, 2004,
individual active CPA licensees numbered 59,464. The TSBPA database reflects the following
information regarding employment of individual licensees:
INDUSTRY
NUMBER
PERCENT
Public Accounting
13,955
23.47%
Industry
22,007
37.01%
Federal Government
1,119
1.88%
State Government
1,023
1.72%
Local Government
827
1.39%
Education
1,329
2.23%
Other
4,410
7.42%
Not Employed
4,001
6.73%
Retired/Disabled
2,507
4.22%
Undeclared
8,286
13.93%
Not only are most Texas CPAs not employed in public accounting, most of the CPAs in public accounting work as single practitioners or in small firms. In fact, the vast majority of public
accounting firms in Texas are small, with many operating in rural areas. As of August 31, 2004,
there were 10,108 active public accounting firms registered in the state of Texas. Of these firms,
9,546 had fewer than three employees. Of the 562 firms with more than three employees, only
201 have more than three owners.
12
3.0. SARBANES-OXLEY ACT ISSUES
“Since the Sarbanes-Oxley Act was passed in July of 2002 hundreds, if not thousands, of articles White Papers and books have been written on this legislation.”
Tim Leech in Distilling SOX 302,404 & 906
The Sarbanes-Oxley Act’s intent is to effect behavioral changes in public entities’ boards of
directors, management, and their independent auditors. Much public attention has been focused
on the roles and responsibilities of the independent auditors. However, the provisions of SOX
also establish separate and new responsibilities for boards and management to assure the proper
environment for continuous financial statement reporting and disclosure by public entities.
“Sarbanes-Oxley is very wide-ranging in its scope. In addition to creating stiff new penalties, it establishes a new Public [Company] Accounting Oversight Board (PCAOB), restricts the
various services an audit firm can offer to its clients, and limits the time audit firm partners can
serve a single client,” reported the United Press International on May 7, 2004 in its article entitled “Sarbanes-Oxley’s Compliance Conundrum.” “For corporations, the greater effect is on
complying with stringent new compliance and disclosure rules.” (ATTACHMENT 2) 2
The sections of SOX most relevant to this report are those dealing with auditor independence
(Title II of SOX), new corporate responsibilities (Title III of SOX) and enhanced financial disclosures (Title IV of SOX).
Because of the complexity of SOX and the requirement for implementing rules from both the
PCAOB and SEC, TSBPA published in its Texas State Board Report in October 2003 a chart
listing the various public concerns associated with SOX and how federal agencies and private
standards-setting bodies were responding to these issues as of December 2002. (Vol. 80). (ATTACHMENT 3)
The effective dates for compliance with portions of SOX are as late as November 15, 2004
for large companies and begin in 2005 for smaller and foreign companies. Both the SEC and
PCAOB are continuously developing rules to implement SOX provisions. It will be some time
before the full impact of both the benefits and costs of SOX on publicly traded entities is known.
During this initial implementation period, it is a challenge for both state regulators and legislators to determine the right time for and extent of specific implementation of new rules and regulations.
13
4.0. TASK FORCE PROCESS
The task force developed a strategy to properly address the Legislature’s charge by analyzing
the individual provisions of SOX and by providing a mechanism whereby each provision’s intent
could be reviewed for appropriateness to public interest entities. Sec. 29(1) of the Public Accountancy Act states:
The Texas State Board of Public Accountancy shall report to the governor,
the lieutenant governor, and the speaker of the house of representatives, not
later than December 31, 2004, regarding:
(1) the requirements of the federal Sarbanes-Oxley Act (Pub. L. No.
107-204), including any restrictions on public interest entities, and any legislation or other action needed to conform state law to the requirements of that Act
...
The objective was to develop recommendations that safeguard the public’s interest while
promoting a sound Texas business climate. For purposes of this report, the task force developed
a definition of “public interest entities.” The task force considered the regulations being proposed nationally and in other states, entities affected by potential recommendations, the extent of
current regulation on entities that fit within the TSBPA’s definition of public interest entity, and
the costs versus the benefits of additional regulation. The task force also considered who should
be responsible for the evaluation, adoption, implementation, and enforcement of any proposed
rules. Additionally, the task force sought input from public interest entity trade groups, regulators, and the public.
. . . (2).the federal General Accounting Office study on audit firm rotation
and any legislation or other action needed to conform state law to the findings
of that study . . .
The task force reviewed the findings of the GAO study and their applicability to the State of
Texas pursuant to Sec. 29(2) of the PAA.
. . . (3) the rules adopted by the board that are intended to comply with the
federal standards described by Subdivisions (1) and (2) of this section and the
board's actions in implementing and enforcing those rules.
Both the PAA and TSBPA rules were reviewed for compliance with subdivisions (1) and (2)
of Sec. 29 of the PAA. Additionally, SOX provisions assigned to the TSBPA within the Statutory and Regulatory Responsibility Table were analyzed to determine which, if any, of the provisions should be adopted in Texas for the auditors of PIEs.
14
5.0. SOX REQUIREMENTS, RESTRICTIONS
ON PUBLIC INTEREST ENTITIES AND OTHER ACTIONS NEEDED
The Texas State Board of Public Accountancy shall report to the governor, the
lieutenant governor, and the speaker of the house of representatives, not later
than December 31, 2004, regarding . . . (1) the requirements of the federal Sarbanes-Oxley Act (Pub. L. No. 107-204), including any restrictions on public interest entities, and any legislation or other action needed to conform state law to
the requirements of that Act . . .
Public Accountancy Act, Sec. 29
The task force studied what other state legislatures and state accountancy boards were doing
regarding the implementation of SOX provisions to “public interest entities” or non-publicly
traded entities. The task force reviewed reports of national organizations such as the National
Association of State Boards of Accountancy (NASBA), the General Accounting Office (GAO),
and the PCAOB, the SEC, the American Institute of CPAs, and others. Some states, such as
California, Illinois, and Texas are proactively addressing SOX at this time.
The November 2003 “NASBA Regional Director’s Report” (ATTACHMENT 4) provides a
summary of the status of other states’ activities in relation to implementation of SOX provisions.
It is the consensus of the TSBPA task force that most states are in a wait-and-see position of requiring public interest entities to implement SOX-type provisions for two major reasons. First,
inconsistent state-to-state regulation could possibly be confusing, costly, and create an uneven
business climate hindering businesses within a SOX-specific state. Second, the cost of implementation of the SOX provisions could outweigh the benefits received. Thus, the benefit of implementation of a provision should be justified before enacting regulation.
The task force reached the following general conclusions:
1. In addition to auditor restrictions, SOX establishes board governance and management
behavioral standards which should be addressed by Texas Public Interest Entity regulators.
2. Texas should not enact laws that unfairly impact the state economic climate compared to
other states.
3. Adoption of consistent national standards is preferable to a myriad of state-specific standards.
4. In any guidelines, cost of compliance versus benefits of public protection should be considered.
5 Small entities should not be unduly burdened with provisions pertinent to large entities
unless the provision’s benefits clearly outweigh its costs.
6. SOX concepts are continuing to be addressed by multiple standard-setting and regulatory
bodies at the national level and the requirements are continuing to evolve. Wherever
possible, Texas should adopt the standards established by national standard-setting bodies
and avoid implementing rules and regulations inconsistent with other states.
15
5.1.
The National Association of State Boards of Accountancy.
In supervising nonregistered public accounting firms and their associated persons, appropriate State regulatory authorities should make an independent determination of the proper standards applicable, particularly taking into consideration the size and nature of the business of the accounting firms they supervise
and the size and nature of the business of the clients of those firms. The standards
applied by the Board under this Act should not be presumed to be applicable for
purposes of this section for small and medium sized nonregistered public accounting firms.”
SOX, Sec. 209
The task force also reviewed the NASBA Discussion Memorandum “Answering the SOX
Challenge – Guidelines for State Boards of Accountancy.” (ATTACHMENT 5) In its discussion
memorandum on SOX, NASBA commented on the following areas:
1. Scope of services. By referencing nationally recognized professional standards in the
states’ statutes and boards’ rules, charging a licensee with violating applicable standards
becomes more straightforward. It is important that states agree on which, if any, SOX
standards should be applied to non-public companies. If not, we will have uniform standards for public companies regulated by the PCAOB and a patchwork of different regulations for non-public companies depending on the states in which they do business.
2. Partner rotation. NASBA does not support partner rotation. Its document states, “Do
not require rotation of the audit partner on non-public company audits because it would
likely require small firms, with fewer qualified audit partners, to resign from audit engagements. As a result, fewer small firms would continue to perform audit services and
less competition would offer less choice for services and possibly higher costs to consumers.”
3. Partner compensation. Compensation schemes that reward independence, as well as
the development and conduct of business, should be emphasized during firm quality assessment. While this type of oversight does not easily fit into either the Accountancy Act
or the boards’ rules, it should be considered in the overall firm quality assessment process.
4. Board composition. Public members bring important fresh views and perspectives to a
board of accountancy. Given the technical expertise required to make informed judgments on the disciplinary actions boards must take, licensed accounting professionals
should comprise at least a majority plus one of the state accountancy board. Case law affirms a board of accountancy with a majority of licensees does not have to retain an outside expert in the event of a disciplinary hearing. If the profession moves from rulesbased to principles-based accounting standards, as some expect, the professional judgment of licensees will become even more critical and those judgment calls are best evaluated by other professional accountants. There is a need for professional judgment that
can weigh how standards were applied in specific situations.
16
5. Ethics. Before initial licensure, both a course and examination on professional ethics,
including ethical reasoning, and the board’s rules, should be required. Following licensure, ethics training should be mandated at least every three years, as part of each state’s
continuing professional education requirements.
6. Firm inspection. The AICPA [American Institute of Certified Public Accountants] is
working to integrate/coordinate its peer review program with the PCAOB’s firm inspection of the auditors’ public company practice. State boards of accountancy should determine whether the PCAOB’s firm inspections will be sufficient to fulfill their quality review requirements. Should a major part of a firm’s audit and attest practice involve nonpublicly held companies (non-SEC registrants), results of firm inspections performed by
the PCAOB on the publicly-held companies’ segment of the firm’s practice may not necessarily be reflective of the firm’s overall quality control and audit processes.
7. Relationship with other organizations. State boards should be involved in the regulation of accountants who are practicing within their jurisdiction. As the PCAOB develops
its rules, NASBA has been offering comments to help ensure transparency between the
new oversight board and the state boards of accountancy. Similarly, PCAOB representatives have indicated they are anticipating the state boards will cooperate with them in
their information gathering.
8. Corporate governance. Auditors’ involvement in corporate governance issues must be
limited in order to maintain independence. For example, auditors cannot be involved in
the selection of financial experts for clients’ audit committees. The report does not address corporate governance issues other than from the perspective of the auditor’s involvement.
5.2.
Actions Within Other States.
As of November 2004, no significant action by other states seems imminent. Several state
boards, including California, Maryland, New York, Texas, and Washington have done significant work toward understanding SOX and have implemented certain provisions of SOX regarding restrictions on the auditor.
California has passed legislation adopting limited SOX-type provisions for charities. Further,
it established a task force to study whether SOX-type provisions should be applied to non-public
entities. That task force recommended that SOX not be “cascaded” to non-public entities. Massachusetts and New York have considered legislation that would require some SOX provisions to
be adopted; however this legislation has not advanced.
There appears to be no consideration in the various states for including a requirement for organizations to have a SOX Sec. 404-type of internal control documentation, testing, and reporting by management or by the auditor.
Pennsylvania has considered legislation that would make it a misdemeanor for companies to
make false statements intended to mislead shareholders about their financial condition. No significant developments on this proposal have occurred since May 2004.
In July 2004, Illinois passed legislation that, among other things, requires auditors of privately-held entities exceeding a threshold size of more than $50 million in annual revenue or
more than 500 employees, to provide notification of planned non-audit services. Criminal penalties were enacted for specified key officers of a company who intentionally mislead their auditor
so as to make financial statements materially misleading.
17
In summary, from state legislative activities over the past three years, the trend has been to
reject efforts to “cascade” SOX provisions into the states beyond the federal law, other than auditor working papers retention requirements. Texas requires working papers’ retention through its
TSBPA rules.
5.3.
The American Assembly Report.
“On November 13, 2003, fifty-seven men and women, including leaders from the worlds of accounting, finance, law, academia, investment banking, journalism, non-governmental organizations, as well as the current and former regulatory officials from The Federal Reserve Board, the
Securities and Exchange Commission (SEC), the General Accounting Office (GAO), the Public
Company Accounting Oversight Board (PCAOB), The Financial Accounting Standards Board
(FASB), and the International Accounting Standards Board (IASB) gathered at the Lansdowne
Resort, Leesburg, Virginia, for the 103rd American Assembly entitled “The Future of the Accounting Profession.” Over the course of the Assembly, the distinguished professionals considered three broad areas of the accounting profession: its present state, its desired future state,
and how it might reach that future state.”
“The Future of the Accounting Profession”
American Assembly Report
103rd American Assembly
Columbia University
Because regulation and oversight of the accounting profession is in a state of change, corporate heads have spent the last two years attempting to understand and comply with the provisions
of SOX. In November 2003, Columbia University held the 103rd American Assembly which
attempted to grasp the issues surround SOX implementation. A recurring theme of the Assembly
was the need for more insight into the data upon which management depends. (ATTACHMENT 6)
In describing the precipitators of the current accounting crisis, the Assembly’s report states:
As the bubble economy encouraged corporate management to adopt increasingly creative accounting practices to deliver the kind of predictable and robust
earnings and revenue growth demanded by investors, governance fell by the
wayside. All too often, those whose mandate was to act as a gatekeeper were
tempted by misguided compensation policies to forfeit their autonomy and independence.
The Assembly attendees agreed that it is difficult to envision a corporate governance and financial reporting structure that does not entail the audit of a company’s financial statements by
an independent auditor. However, the public and corporate audit committees may be expecting a
level of assurance and accuracy in those audits that is unrealistic, at the same time that the auditor’s top expert judgment must have a larger function in the audit.
In discussing what future financial reporting should look like, the Assembly suggested that
improvement could begin by the implementation of new attestation standards to replace the current standard, which is deemed appropriate for some, but not all, transactions. The consensus is
that auditors must offer more limited attestations when the facts require them, and further, that
investors should be prepared to accept them. The Assembly’s report states:
18
. . . the PCAOB should adopt a supervisory approach to regulation. We define
that “supervisory” role as a preventative one, as contrasted with the enforcement role, where regulators arrive on the scene only after malfeasance has
been alleged or detected. A supervisory format should permit accounting regulators to operate protected by the same degree of confidentiality that currently
governs the proceedings of bank examiners.
The report criticized corporate governance as follows:
. . . a corporate culture that treated financial reporting as little more than a
numbers game. Managers made increasingly aggressive assumptions and estimates about their business and selected those alternative accounting practices
that allowed them to report results that would match the unrealistic analyst expectations those managers had earlier promoted.
The Assembly identified two important groups in addressing corporate governance issues: the
audit committee and the directors. Members of the audit committee must be both financially
qualified and able to challenge management on their particular judgments. Similarly, directors
should be fully capable of discussing the company’s business and financial operations. Management, directors, and audit committees should adhere to the spirit of the law and not merely
legal specifics.
SOX sets numerous general requirements for both audit committees and corporate governance. However, while it stops short of requiring issuers to change auditing firms every few
years; it does allow audit committees to use discretion in deciding what non-audit services a
company may hire its auditors to provide (other than prohibited services). The Assembly supported these policies “. . . for leaving in the hands of audit committees the power to make these
decisions, and believe that is where those decisions belong as audit committee members are the
best qualified to make them. For instance, if rotation of auditors (audit firms) was made mandatory, much of the authority of audit committees over auditors would be forfeited.”
In addition, the Assembly encouraged the right of audit committees to exercise their discretion in determining the scope of beneficial non-audit services an external auditor might provide.
It concluded that audit committees “. . . must take charge of the audit, control the selection of
both the audit firm and the partner engaged to lead it, and make the final decision when it comes
time to set the audit fee. Above all else, they must protect the auditor’s independence.”
In concluding its report, the Assembly stated:
Most importantly, the accounting profession itself must recognize and expand
its role, its responsibility, and its dedication to fulfill its mission to provide accurate and complete information to the investing public.
5.4.
Voluntary Adoption.
Through its study of SOX and its impact on the business and governmental community, the
task force determined that some entities (e.g., the University of Texas and the United Way of
Metropolitan Dallas, among others) were in the process of proposing implementation of many of
the SOX provisions. The National Association of College and University Business Officers have
adopted similar standards as guidelines for all colleges and universities to seriously consider implementing. (ATTACHMENT 7)
19
The United Way of Metropolitan Dallas, for instance, is voluntarily altering its financial operations in light of SOX legislation. It has reassessed its internal controls, asking the following
questions:
y
y
y
y
y
y
What does the internal control structure look like and how does it operate?
Who is accountable?
How does it deal with change?
What are the critical control activities?
Are they monitored?
Is all of this documented?
They have also developed a conflict of interest policy and a code of business conduct and
ethics; procedures are in place for reporting ethical issues or questions. In addition, a code of
ethics has been adopted for and acknowledged by all directors, volunteers, and staff with financial responsibilities. In all financial reports, the organization now includes a statement that management is responsible for completeness and accuracy of the financial report and for internal
control.
A separate audit committee was established and reviews completed of its roles and responsibilities. The audit committee members have all been reviewed for independence, and a financial
expert has been identified. Both the finance and audit committees now have charters. Among
the audit committee responsibilities are to ensure that management letter comments from the independent auditor are implemented and to more closely review proposed adjustments.
We believe these to be sound business practices for public interest entities in today’s environment. They are not onerous, yet properly establish responsibilities.
5.5.
Requests for Input from Public Interest Entities.
In order to determine the potential impact that SOX provisions have on public interest entities, the task force solicited input from both industry and government. Twelve (12) various state
regulatory agencies and private professional organizations were asked to participate. The following table identifies the entities and their responses:
20
TYPE
OF ENTITY
RESPONSE
Association
Matrix/Letter
Office of Consumer Credit Commission
State Agency
Letter
Office of the Texas State Auditor
State Agency
Letter/Matrix
Property Casualty Insurers Association of America
Association
Letter
Texas Association of County Auditors
Association
No information
received
Texas Bankers Association
Association
Matrix
Texas Department of Banking
State Agency
Matrix
Texas Department of Insurance 2
State Agency
Letter/Matrix
Texas Education Agency
State Agency
Matrix
NAME OF ENTITY
Independent Bankers Association of Texas
Texas Independent Insurance Adjusters Association
Association
Texas Municipal League
Association
Texas Savings and Loan Department
State Agency
No information
received
No information
received
Letter
2
Subsequent to their evaluation of their response to our request, the State Board of Insurance examined
the possibility of some rule changes related to the SOX provisions.
In addition to the entities listed in the table above, the National Association of College andUniversity Business Offices was extremely helpful in providing the task force with the format for
the matrix sent to those entities.
The task force summarized relevant SOX provisions within a matrix format. (ATTACHMENT
8) Each entity was requested to review the matrix and determine the applicability of each provision to their regulated entities. While some declined to participate, as noted in the chart above,
most recipients actively participated in the process. In one instance, the regulatory body (the
Texas Department of Insurance) examined the possibility of some rule changes subsequent to its
review of the matrix. In some situations the regulatory body may not have the authority to enact
such changes, and legislative action would be required. Others believe adequate regulation is
already in place and no changes are needed. For example, an excerpt from the Texas Department
of Banking’s response addresses this issue:
Institutions that are not public companies, but hold assets greater than $500
million (which are subject to Section 36 of the Federal Deposit Insurance Act),
must comply with the SEC’s rules that implement provisions of sections 201,
202, 203, 206 and 404 of Sarbanes-Oxley . . .
. . . Though the Department of Banking believes strongly that nonpublic banking
organizations (with less than $500 million in total assets) can benefit from this
21
and other provisions of Sarbanes-Oxley, the agency is reluctant to require compliance for smaller organizations.
In small towns and cities where many community banks are located, it may be
impractical to contract with an out-of-area public accounting firm to perform
these nonaudit services due to the costs involved. However, bank boards are encouraged to review and understand the risks associated with these tying arrangements.
The specific responses are included in ATTACHMENT 9.
5.6.
The Public Forum.
Upon receiving the responses from the participating public interest entities, the task force reviewed the responses, and in an effort to gather more substantiation for the results, held a public
forum on July 12, 2004 to receive both oral and written testimony from interested parties. ATTACHMENT 10 lists the parties that submitted either written or oral testimony.
Participants in the public forum were asked to address the following questions:
1. Which provisions of SOX should be made applicable to public interest entities within the
state?
2. What additional rules and regulations should be considered to accomplish this task?
3. What are the benefits of those rules and regulations?
4. What are the costs of those rules and regulations?
5. What other impacts should be considered?
Texas Association of Life and Health Insurers executive director Mike Pollard and attorney
Will Davis both testified on behalf of that sector of the insurance industry. Both referenced the
extensive existing regulation of the industry and suggested that expansion of the SOX provisions
were redundant for the protection of the public. The National Teachers Association Life Insurance Company, USAA, and the American Council of Life Insurers. presented similar opinions in
written testimony.
Brenda Nation, senior counsel for the American Council of Life Insurers, stated in her letter
to the Board (July 9, 2004), “SOX was written to supplement existing securities laws for public
companies, not to impose additional requirements on a highly regulated insurance industry.”
Likewise, William H. McCartney, senior vice-president of USAA, stated in his letter of the
same date, “These entities are heavily regulated to protect the public interest and the regulators
and governing associations of these industries are already contemplating extending numerous
provisions of the Act to them. Any additional requirements in this area would be duplicative and
counterproductive.”
In contrast, Luke Metzger, Advocate, TPIRG, stated in his June 7, 2004 letter, “The Sarbanes-Oxley Act should certainly be made applicable to non-publicly traded public interest entities in Texas”. His letter continued with, “Texas consumers deserve protections to ensure the
integrity of financial statements of banks, insurance companies, school boards and pension
plans.”
Several representatives speaking at the forum agreed to complete the TSBPA matrix which
had previously been completed by industry regulators. Their written comments and matrices received are attached to this report. (ATTACHMENT 11)
22
5.7.
The Texas Society of CPAs.
The state-by-state development of accounting, auditing and independence standards will ultimately confuse the public and unnecessarily increase the cost of accounting and auditing services for the public . . . The cost to public companies of
implementing Sarbanes-Oxley has been substantial.
Edward M. Polansky, CPA
Chairman, Texas Society of CPAs
In his July 9, 2004 letter to the task force, Texas Society of CPAs chairman Edward M. Polansky, CPA, stated:
With these national organizations actively addressing the issue, we believe that
any one state should be very cautious about establishing requirements related
to corporate governance, auditing standards or accounting principles that
might be different from national standards. There is much potential for public
confusion if different standards apply in different states. We believe this concern is paramount and should guide all TSBPA deliberations on this subject.
He went on to say:
The Board’s current rules related to auditing standards effectively adopt national standards as Texas standards and require CPAs to conform to national
standards as a matter of Texas law and regulation. It is very important that the
Board review the standards, requirements and guidelines issued by the various
national organizations. This review will hopefully lead to the Board adopting
these standards as the standards for Texas.
In testimony at the July 12, 2004 public forum, the TSCPA also said:
The various regulators of public interest entities should make the determination
as to which provisions of Sarbanes-Oxley might have benefits worth the cost
and issue guidance or regulations as they see fit, especially in the areas of corporate governance and officers’ certifications of financial and internal control
information. Here too we recommend that national standards and procedures
be used wherever possible . . . it is appropriate to rely on current national
standards for auditor independence rather than introduce new partner rotation
rules for Texas entities.
23
6.0. GENERAL ACCOUNTING OFFICE STUDY AND REPORT
The Texas State Board of Public Accountancy shall report to the governor, the
lieutenant governor, and the speaker of the house of representatives, not later
than December 31, 2004, regarding . . . the (2) federal General Accounting Office study on audit firm rotation and any legislation or other action needed to
conform state law to the findings of that study . . .
Public Accountancy Act, Sec. 29
In November 2003 the General Accounting Office issued “A Report to Senate Committee on
Banking, Housing and Urban Affairs and the House Committee on Financial Services.” (ATTACHMENT 12) The report was entitled “Public Accounting Firms -- Required Study on the Potential Effects of Mandatory Audit Firm Rotation” and stated, “We believe that mandatory audit
firm rotation may not be the most efficient way to enhance auditor independence and audit quality considering the additional financial costs and the loss of institutional knowledge of a public
company’s previous auditor of record. The potential benefits of mandatory audit firm rotation
are harder to predict and quantify, though we are fairly certain that there will be additional costs.
In addition, the current reforms being implemented may also provide some of the intended benefits of mandatory audit firm rotation.” The report concluded by stating:
“This report makes no recommendations.”
It should be noted that five board members of the TSBPA were interviewed by the GAO as a
part of their study of this issue. The TSBPA concurs with the GAO’s report and can find no
compelling reason for Texas to adopt a mandatory audit firm rotation rule.
24
7.0. TSBPA RULES AND ANALYSIS OF SOX PROVISIONS
The Texas State Board of Public Accountancy shall report to the governor, the
lieutenant governor, and the speaker of the house of representatives, not later
than December 31, 2004, regarding . . . (3) the rules adopted by the board that
are intended to comply with the federal standards described by Subdivisions (1)
and (2) of this section and the board's actions in implementing and enforcing
those rules. . . .
Public Accountancy Act, Sec. 29
The Texas Public Accountancy Act (PAA) affords the authority the TSBPA needs to adopt
rules necessary to implement SOX.
7.1.
The Public Accountancy Act and TSBPA Rules.
The PAA specifically addresses the requirement to adopt rules and rules have been adopted
by the TSBPA. Sec. 901.156 states:
Sec. 901.156. Rules of Professional Conduct (PAA).
The Board shall adopt rules of professional conduct to:
(1) establish and maintain high standards of competence and integrity
in the practice of public accountancy; and
(2) ensure that the conduct and competitive practices of license holders serve the purposes of this chapter and the best interest of the public.
Sec. 901.165 can be directly applied to the SOX provisions of Sec. 29 of the PAA by referencing national accounting standards. This provision in the PAA gives the TSBPA the authority
it needs to issue SOX-type rules:
Sec. 901.165. Rules for Attest Services (PAA).
(a) The board by rule shall specify those services that constitute attest
services.
(b) Attest services are required to be performed in accordance with professional standards. The board may adopt by reference the standards developed for general application by the American Institute of Certified Public
Accountants or another nationally recognized accountancy organization.
[Emphasis added.]
In addition, the PAA in Sec. 901.158 discusses independence by stating:
Sec. 901.158. Rules Restricting Competitive Practices (PAA).
The Board in its rules of professional conduct may regulate the competitive
practices of a license holder as necessary to ensure that the license holder does
not engage in a competitive practice that . . . impairs the independence or quality of a service provided by a license holder.
25
Therefore, in its Rules of Professional Conduct, the TSBPA adopted the following independence rule, which effectively adopts national standards:
Sec. 501.70. Independence (Rules).
A certificate or registration holder in the performance of professional services, including those who are not members of the AICPA, shall conform in fact
and in appearance to the independence standards established by the AICPA
and the board, and, where applicable, the U.S. Securities and Exchange Commission, the General Accounting Office and other regulatory or professional
standard setting bodies.
As a result of this rule, TSBPA actively comments on and initiates proposed changes at the
national level (AICPA, SEC, GAO, etc.)
Rule review is an ongoing process at TSBPA. The TSBPA is required by statute to review
its entire body of rules every four years to assess whether each rule is necessary, and if not, to
either amend, repeal, or replace it. When appropriate, new rules are adopted. The TSBPA has
recently completed its second cycle of rule review, and has determined that its rules are in compliance with federal standards as described in Sec. 29 of the PAA.
Because the PAA, and subsequently the TSBPA’s rules, contain specific language defining
what constitutes financial statements, reports, independence, accounting and auditing standards,
other professional standards, and ethical conduct by CPAs, the TSBPA believes that further legislation and rulemaking in this regard is not necessary.
7.2.
Analysis of SOX Provisions.
The Statutory and Regulatory Responsibility Table provided earlier in this report identifies
the TSBPA as the responsible agency to determine if SOX similar regulation should be adopted
in Texas for the auditors of PIEs. As expressed earlier in this report, TSBPA supports the application of consistent national standards in all states, including Texas. Unless an existing national
standard is obviously inadequate and Texas cannot influence a change to be made, we believe
Texas should not adopt a Texas-only rule. As stated in SOX Sec. 209, “The standards applied
by the Board under this Act should not be presumed to be applicable for purposes of this section
for small and medium sized nonregistered public accounting firms.” Recognizing the objective
of this provision in SOX, the following outlines each SOX provision and the specific TSBPA
response to the issues which pertain to auditors:
7.2(a). SOX Sec. 101-109.
1. auditing, quality control, independence and ethics;
2. registration and inspection of public accounting firms; and
3. investigations and disciplinary proceedings.
26
7.2(a)(1). Independence.
SOX establishes some specific independence requirements for registered entities (public
companies) and authorizes the SEC and PCAOB to further define those standards by rule.
For non-registered entities, national independence standards are prescribed by the Governmental Accountability Office (for all entities that accept federal assistance above a specified
level), federal banking regulators (for financial institutions), the National Association of Insurance Commissioners (for insurance companies), and the Auditing Standards Board and
Professional Ethics Executive Committee of the American Institute of CPAs, among others.
TSBPA rule Sec. 501.70 (quoted above) requires all Texas CPAs and auditors to conform to
the highest standard of independence appropriate for each particular attest engagement. The
applicability of these appropriate standards to PIEs is adequate to assure auditor independence.
7.2(a)(2). Ethics Education.
In early 2003, TSBPA initiated efforts to establish more comprehensive ethics education
both at the entry level of the CPA profession and on a recurring basis for Texas CPA’s. Beginning in 2005, CPA examination candidates in Texas will be required to have completed
three semester hours in TSBPA-approved ethics education as part of their college curriculum.
For all licensed CPAs, recurring ethics education course requirements will be increased in
2005 from a two-hour Board-approved rules course every three years to a four-hour approved
ethics course every two years. Among other pertinent professional situations, the curriculum
for the CPE ethics courses require case studies of ethical dilemmas where the CPA must use
reasoning regarding the preparation and presentation of audited financial statement reports
that both adhere to regulatory and ethical guidelines.
7.2(a)(3). Continuing Education.
The TSBPA adopted rules to improve the quality of continuing professional education.
While the current annual requirement for continuing professional education hours is considered sufficient to maintain a CPA’s competence, the quality of some programs has been
deemed inadequate. Under the new sponsor review program, continuing professional education sponsors must register with the TSBPA for their programs to qualify for Texas CPAs.
Beginning in 2005, sponsor programs will be reviewed at least once every three years to determine compliance with TSBPA quality standards. This program will be funded with sponsor registration fees so that it will be self-supporting.
7.2(a)(4). Registration and Peer Review.
All individual CPAs and practice units, by law, must register annually with the TSBPA.
Texas law has also required quality review, or peer review, of CPA firms for many years. In
light of the newly established PCAOB inspection program, TSBPA has proposed rules (Sec.
527.1) clarifying that all auditing firms must undergo a TSBPA-approved peer review program in addition to the PCAOB inspection program. Further, the peer review program in
Texas “. . . may include education, remediation, disciplinary sanctions or other corrective
action where reporting does not comply with professional or regulatory standards.” The
TSBPA now reviews peer review results on a bi-monthly basis.
27
7.2(a)(5). Enforcement.
SOX requires a code of conduct for senior financial management, which may include
CPAs who serve as financial officers. The TSBPA has stepped up its enforcement efforts by
increasing its enforcement activities and penalties for CPAs who violate its Rules of Professional Conduct and the PAA. Such actions include results of SEC investigations, legal activities and response to complaints to the TSBPA by governmental units and individuals.
The TSBPA has adopted formal rules, where applicable, to implement the new enforcement powers authorized by the 2003 revisions to the PAA, as follows:
PUBLIC ACCOUNTANCY ACT
TSBPA RULE
Increase in the maximum administrative fine
to $100,000 (Sec. 901.552)
Subpoenas (Sec. 519.6)
(ATTACHMENT 13)
Emergency Suspension (Sec. 519.43)
(ATTACHMENT 14)
[Provision is included in Enforcement procedures
and the application of judgment on a case-by-case
basis when assessing penalties or license sanctions ]
Administrative Penalties (Sec. 519.8)
(ATTACHMENT 15)
Authorized fines up to $25,000 for practicing
without a license (Sec. 901.601)
Administrative Penalties (Sec. 519.8)
(ATTACHMENT 15)
Restitution of fees (Sec. 901.6015)
[See Sec. 901.511 above.]
Felony criminal penalties for intentional fraud
(Sec. 901.602)
Sec. 901.602 is complete and in force. Also, Misdemeanors that Subject a Certificate or Registration Holder to Discipline by the Board (Sec. 519.7)
(ATTACHMENT 16)
Subpoena power (Sec. 901.066)
Emergency license suspension (Sec.
901.5045)
Enforcement for out of state offenses (Sec.
901.511)
These additional enforcement tools, along with those already existing, are sufficient for the
TSBPA to effectively enforce the PAA.
7.2(b). SOX Sec. 201. Non-audit service restrictions.
SOX identifies seven specific services that auditors of registered companies are prohibited from providing to their audit clients. National standards of the GAO and the AICPA,
which apply to non-registered PIEs, also prohibit auditors from performing services which
would compromise independence. Although the specific terminology is different from SOX,
the standards are based on the same essential concepts, and adherence to national standards
has been adopted by TSBPA rule. Currently the national standards are in a process of evolution; therefore, the TSBPA will monitor the process and adopt additional rules if needed. No
current action is needed.
28
7.2(c). SOX Sec. 202. Audit committee pre-approval of non-prohibited outside auditor
services.
While each regulatory agency should address this issue to determine if there are industryspecific reasons to adopt this procedure, the TSBPA sees no need to require PIEs across the
board to follow this requirement. The TSBPA does, however, believe it to be good practice
for boards, rather than management, to approve the auditor engagement, fees, and related services.
7.2(d). SOX Sec. 203. Rotation of lead and reviewing audit partner.
The requirement for audit partner rotation is not new with SOX. It is a long-established
practice for auditors of registered (publicly traded) entities, but has never been seriously considered for non-registered entities. The primary issue for non-registered entities is one of
practicality or cost/benefit versus risk of audit failure. The TSBPA recognizes the purpose of
mandatory audit engagement partner rotation to be the maintenance of a fresh and objective
viewpoint of the auditor. Most accounting firms that audit registered entities are of sufficient
size to have many partners and the necessary resources to relocate partners as necessary to
meet the SOX five-year partner rotation requirement. Auditors of privately held and public
interest entities include small firms of a few partners or even individual practitioners. As of
August 31, 2004, there were 10,108 licensed practice units in Texas in the practice of public
accounting, and 9,907 of those were comprised of three or fewer partners. Many of these
practice units are located in rural communities with no other available alternative CPA firms.
In such cases, there is no practical way to accomplish audit engagement partner rotation
without it becoming an effective requirement for firm rotation or deploying out-of-town
firms. The GAO study concluded (quoted previously in this report) that there was not sufficient evidence, even for registered entities, to suggest that firm rotation would improve audit
quality. As quoted previously in this report, NASBA also recommends against mandatory
audit partner rotation since it would lessen competition and raise costs to consumers. Thus,
in a state as large and rural as Texas, imposition of mandatory audit partner rotation for PIEs
could cause hardships and very possibly additional costs for PIEs, CPAs, and the communities they serve. Given these considerations, the TSBPA believes that because existing national auditing standards adequately address independence and objectivity issues, there is no
need for Texas PIEs to have mandatory audit partner rotation. The TSBPA will continue to
monitor its enforcement cases in this regard. If changes become necessary, it will make
them.
7.2(e). SOX Sec. 204. Requirement of audit firm to report on specific items to audit
committee (or its equivalent).
SOX requires auditors to report to the entity’s audit committee/board “critical accounting
policies and practices . . . alternative treatments of financial information within generally accepted accounting principles . . . and other written communications [with] management.”
National auditing standards (SAS 61) requires similar communication for all audits and no
additional auditor rule by TSBPA is necessary.
7.2(f). SOX Sec. 206. Restrictions on hiring of key member of outside audit team (1year cooling off period).
29
While existing national auditing standards do not specifically require a one-year cooling
off period before an auditor or auditor’s employee can be employed by an audit client, there
are specific GAO and AICPA standards that enumerate the circumstances under which an
auditor’s independence is impaired. The intent of these standards is to avoid a continuing relationship or influence between the former employee and the auditor, that the auditor takes
steps to alter audit procedures to guard against the risk of audit procedure compromise, and
that the existing engagement team possess the requisite knowledge and experience to perform
the engagement. The TSBPA believes these standards are adequate and applicable to PIEs.
7.2(g). SOX Sec. 207. GAO study on audit firm rotation
This section relates to the GAO study which was previously discussed in this report. The
report made no recommendation for mandatory audit firm rotation, and the TSBPA concurs
with that conclusion.
7.2(h). SOX Sec. 209. State Board consideration
This section recommends state regulatory authorities make an independent determination
of standards considering the size and nature of the business of accounting firms and the size
and nature of the businesses they serve. Standard-setting is an ongoing process, and the
TSBPA will continue to monitor that process and adopt necessary rules.
7.2(i).
SOX Sec. 404. Reporting on internal controls.
Generally Accepted Auditing Standards (GAAS), as promulgated by the AICPA, are applicable to all non-public entity audits and contain specific auditor requirements for documentation and testing of internal controls by the auditor. However, SOX Sec. 404 expands
this requirement for auditors and management of publicly traded companies. SOX mandates
that management report on the company’s internal controls and that the auditors express an
opinion on both management’s assertions and internal controls. The SEC and PCAOB have
developed very specific standards for internal control documentation, testing, and reporting.
These SOX Sec. 404 provisions are proving to be one of the most difficult and costly SOX
requirements. The TSBPA believes there are fundamental differences between publicly
traded companies and all other entities which make expansion of Sec. 404 unreasonable.
Even if one believes that it should be applied to some class of public interest entities, it seems
prudent to wait until the public company sector and their auditors have underwritten the substantial initial implementation costs and scaled the steep learning curve. Thus, it is perhaps
too early in the process for a reasonable determination as to the cost versus benefits of such a
requirement for PIEs. In any event, the regulating bodies should determine whether such a
requirement should exist for a particular type of PIE.
7.2(j). SOX Sec. 802. Criminal penalties for altering documents and 5 year retention of
audit workpapers.
This section establishes criminal penalties for altering or destroying documents and establishes a five-year retention period for an auditor’s workpapers. TSBPA rules also require
a five-year retention period for audit workpapers. Other actions prohibited under this section
are considered by TSBPA as violations of professional standards. A number of rules relate to
this area, including Sec. 501.60 (regarding Auditing Standards), 501.61 (regarding Accounting Principles), 501.62 (regarding Other Professional Standards), 501.90(2) (regarding dis30
honesty, fraud or gross negligence in the practice of public accountancy), 501.90(8) (regarding knowingly participating in the preparation of a false or misleading tax return or financial
statement), and 501.90(12) (regarding misrepresenting facts or making a misleading or deceitful statement to a client). Therefore, no additional regulation for Texas CPAs is required
at this time. [Also see Sec. 303, Items 1 through 2.]
7.2(k). SOX Sec. 806. Whistleblower protection.
The PAA (Sec. 901.606) provides immunity from civil and criminal liability for reporting
a violation. However, the PIE regulating bodies should determine whether employee protection of PIEs is important.
7.2(l).
SOX Sec. 1102. Criminal penalties for altering documents.
This section parallels Sec. 802 relating to the establishment of criminal penalties for altering or destroying documents. See comments above. [Also see Sec. 303, Items 1 through 2.]
7.2(m). SOX Sec. 1107. Whistleblower protection.
This section parallels Sec. 806 relating to informant protection. See comments above.
7.3.
Action Item for The Texas Legislature.
As a result of analyzing the SOX provisions, the task force recommends that the Texas Legislature assume responsibility related to SOX Sec. 303.
7.3(a). SOX Sec. 303. Unlawful for officer or director to fraudulently influence, coerce,
manipulate or mislead outside auditor.
This section establishes as unlawful actions by officers, directors and any other persons
acting under their direction to fraudulently influence, coerce, manipulate, or mislead independent CPAs engaged in the performance of an audit for the purpose of making the financial statements materially misleading. The TSBPA believes it to be imperative that the public should expect public interest entity boards and management to behave and be held to the
same standards as independent auditors. It thus believes similar legislation in Texas would
be beneficial in strengthening the reliability of financial statements and the environment in
which they are prepared. The TSBPA further believes the criminal penalties for violations of
such a law should be consistent with those levied on CPAs in Sec. 26 of the PAA. Additionally, the Legislature should consider providing the TSBPA with the statutory authority to refer to the appropriate prosecutorial authority information on activities that appear to constitute criminal conduct or violation of a statute in Chapter 31, Theft, or Chapter 32, Fraud,
Texas Penal Code, by individuals other than CPAs.
31
8.0. COST OF COMPLIANCE
States need to carefully deliberate whether or not to apply to non-public companies specific SOX requirements. . . . Many public companies have already reported significant cost increases arising from substantially higher audit fees, legal fees, consultant’s fees, director’s and officer’s insurance costs, director’s
compensation, management compliance time and information technology requirements.
NASBA Discussion Memorandum
The cost of implementing SOX provisions, particularly as they relate to documentation and
reporting on a company’s internal control systems will be substantial. Any recommendations to
apply SOX-like provisions to PIEs or other non-publicly held entities must consider the costs of
compliance compared to the benefits to be derived. Many publicly-traded companies have experienced significant increases in internal costs and fees from their auditors. The Accounting
WEB article, “Section 404 Could Cost Big Companies $ 4.6 Million or More” (ATTACHMENT 17)
states that the cost of compliance for big companies will be in the millions of dollars:
Total costs of first-year compliance with Section 404 of the Sarbanes-Oxley Act
could exceed $4.6 million for each of the largest U.S. companies, according to
a survey of 321 companies by Financial Executives International (FEI). The
added costs are driven by a projected investment of 35,000 hours of internal
manpower, $1.3 million in spending on external consulting and software, and
additional audit fees of $1.5 million (a jump of 35%). FEI is the leading professional organization serving chief financial officers (CFOs) and other senior
financial executives.
“Companies that are currently subject to the SOX requirements will be incurring substantial
costs,” Brenda Nation of the American Council of Life Insurers told the task force in her letter of
July 9, 2004.
The May 21, 2004 National Accounting News stated, “The rising and unpredictable costs of
complying with the Sarbanes-Oxley Act is causing some companies to consider going private to
avoid being forced to adhere to the law’s provisions.”
On May 7, 2004, a United Press International article entitled “Compliance Conundrum”
noted that participants at the American Enterprise Institute generally thought that “. . . some secondary consequences [of SOX legislation] includes extra regulatory costs, not necessarily better
management, and diverting staff away from running the business.” The article states:
The costs are daunting for private companies with plans to go public, and are
causing some public companies to de-list, and some private companies to try
and sell the company so as to not have to pay the extra costs to become SOX
compliant, according to accounting firm Grant Thornton. The firm reported
that since the enactment of SOX, the number of companies seeking to go private
has increased by 30 percent and the number of proposed management buyouts
has increased 80 percent.
32
In addition to direct monetary costs of compliance, other negative impacts can result from
state adoption of SOX-type regulation. To the extent Texas is less friendly to businesses than
other states, some businesses may choose to move elsewhere or economic growth within our
state might slow. A vibrant Texas business climate is also in the public’s interest...
The Federal Reserve Bank of Dallas recently published an article on the state of the Texas
economy which indicates that some of the state’s relative advantage to the nation’s economy has
been diminishing. A number of factors are given for this recent phenomenon, including the
state’s high tech concentration as well as labor competition from overseas.
Regarding the short-term outlook, the Federal Reserve’s article states that positive attributes
remain, but:
. . . the state may have lost some of its comparative advantage as a low-cost
base for economic expansion . . . Retaining a favorable business climate with
smart and efficient government is essential to ensuring that the foundation for
starting and building businesses and spurring strong growth remains. Increases in taxation or regulation that are not perceived to improve the quality
of living and doing business in Texas will be harmful to future economic expansion.
33
9.0. CONCLUSION
State boards should participate in the review process and develop board rules
that reference the revised standards for non-public companies, rather than drafting rules that apply only to their jurisdiction.
NASBA Discussion Memorandum
The TSBPA firmly believes the public is better protected when boards of directors
and management of entities have clear responsibilities and behavior consistent with
good fiduciary stewardship
It is the consensus of the TSBPA’s task force that:
1. there should not be an additional layer of regulation on PIE’s in Texas;
2. notwithstanding Item 1. above, existing regulatory bodies should review relevant SOX
provisions to determine applicability, if any, to the corporate governance and management of the entities for which they are responsible;
3. SOX-type provisions should not be presumed to apply across the board;
4. the cost versus the benefit of SOX-type legislation must be justified;
5. in accordance with the GAO report, no requirement for mandatory audit firm rotation
should be enacted.
6. the State of Texas should not impose SOX-like regulations on the private business community; and
7. the State of Texas should be involved in the development of national standards for accounting and the regulation of financial statements for public interest entities.
9.1.
Recommendations.
The TSBPA:
1. cautions against state-by-state implementation of SOX-type legislation on public interest
entities or on other non-publicly held entities;
2. recommends that existing regulatory bodies in Texas review relevant SOX provisions as
identified in the Statutory and Regulatory Responsibility Table [pages 8-10 of this report]
to determine which, if any, provisions or their objectives are appropriate for the regulatory bodies’ respective jurisdiction; and
3. recommends potential legislation consistent with SOX Sec. 303 making it illegal for an
officer, director, or persons directed by them to fraudulently influence, coerce, manipulate, or mislead an independent public accounting firm performing an audit for PIEs in
Texas to be accomplished by:
a. reviewing existing statutes to determine whether they are sufficient to cover such
conduct caused by non-CPAs who are not within the TSBPA’s jurisdiction;.
b. adopting penalties for such actions which are consistent with those in Chapter 26 of
the PAA; and
c. providing the TSBPA with the statutory authority to refer to the appropriate prosecutorial authority information on activities that appear to constitute criminal conduct or
34
violation of a statute in Chapter 31, Theft, or Chapter 32, Fraud, Texas Penal Code,
by individuals other than CPAs.
The TSBPA anticipates that during the upcoming Texas Legislative session, it will continue
to work with the Legislature to further examine recommendations for improving the public’s
confidence in audits and the resulting financial information on which the public relies. The
TSBPA does not recommend legislation imposing added layers of regulation on Texas entities.
Existing state regulators should be the source of the issuance of rules for those entities that they
regulate, unless needed changes, if any, require legislation. Therefore:
• The existing TSBPA rules have been reviewed and updated pursuant to the PAA and the
latest national accounting standards.
• Through the PAA, the TSBPA has the necessary authority to regulate the CPA profession
in Texas and procure additional rules as they may become necessary.
• The TSBPA recommends voluntary compliance with SOX-type provisions whenever practical for public interest entities and where determined by their respective regulatory agencies. The TSBPA does not recommend legislation which would result in unfunded mandates for political subdivisions or not-for-profit organizations.
35