http://www.aicpa.org/pubs/jofa/oct2002/miller.htm

PUBLIC COMPANY AUDITS

What auditors/audit committees need to know and do to comply.

Regulations Under the Sarbanes-Oxley Act

BY RICHARD I. MILLER AND PAUL H. PASHKOFF

EXECUTIVE SUMMARY

THE SARBANES-OXLEY ACT OF 2002 is a major reform package mandating the most far-reaching changes Congress has imposed on the business world since FDR’s New Deal.

THE ACT ESTABLISHES THE PUBLIC COMPANY Accounting Oversight Board (PCAOB) to regulate accounting professionals that audit the financial statements of public companies. The new board’s operations are subject to direct and substantial SEC oversight.

ONCE THE SEC DETERMINES THE BOARD IS ORGANIZED and can accept its responsibilities (which could occur prior to April 26), public accounting firms have 180 days to register with the board or cease all participation in public company audits.

TWO CRITICAL ISSUES THE SEC AND THE NEW BOARD will need to address relate to providing guidance regarding who is required to register and the treatment of persons associated with public accounting firms, who might include individual accountants or other entities that receive compensation from the accounting firm or participate as an agent of the accounting firm.

PUBLIC ACCOUNTING FIRMS WILL HAVE TO PAY CAREFUL attention to the information on the application for registration with the PCAOB, some of which goes well beyond the scope of what is currently required by state boards of accountancy or the AICPA.

AN IMPORTANT FUNCTION OF THE NEW BOARD includes conducting inspections of registered firms. In addition, it has a full range of sanctions at its disposal, including suspension or revocation of registration, censure and significant fines.

THE SARBANES-OXLEY ACT PROHIBITS ALL REGISTERED public accounting firms from providing audit clients, contemporaneously with the audit, certain nonaudit services, including internal audit outsourcing, financial-information-system design and implementation services and expert services.

THE ACT PROVIDES FOR SIGNIFICANT CORPORATE governance reforms regarding audit committees and their relationship to the auditor, making the audit committee responsible for the appointment, compensation and oversight of the issuer’s auditor.

PAUL H. PASHKOFF is an attorney and associate at Fried, Frank, Harris, Shriver & Jacobson, Washington, D.C. His e-mail address is PashkPa@ffhsj.com. RICHARD I. MILLER, JD, is general counsel and secretary of the AICPA. His e-mail address is RMiller@aicpa.org. Mr. Miller is an employee of the Institute and his views, as expressed in this article, do not necessarily reflect the views of the AICPA. Official positions are determined through certain specific committee procedures, due process and deliberation.

The Sarbanes-Oxley Act of 2002 is a major reform package mandating the most far-reaching changes Congress has imposed on the business world since FDR’s New Deal. It seeks to thwart future scandals and restore investor confidence by, among other things, creating a public company accounting oversight board, revising auditor independence rules, revising corporate governance standards and significantly increasing the criminal penalties for violations of securities laws.

This article highlights the provisions most important to accounting professionals engaged in public company audits. Determining its full scope and impact remains a work in progress on many levels as the SEC undertakes the task of implementing the act. AICPA President and CEO Barry C.
Melancon has affirmed the Institute’s commitment to working toward the effective implementation of the act and to rebuilding the faith of investors who depend on accounting professionals for information critical to the capital markets (see “A New Accounting Culture”).

THE PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD

Sarbanes-Oxley establishes the Public Company Accounting Oversight Board (PCAOB) to regulate accounting professionals who audit the financial statements of public companies. The board’s operations are subject to direct and substantial SEC oversight. It, according to the act, is not a government agency and will be made up of five full-time “prominent individuals of integrity and reputation.” Two members must be or must have been CPAs. The SEC, in consultation with the chairman of the Board of Governors of the Federal Reserve System and the secretary of the U.S. Department of the Treasury, is responsible for identifying the initial board members. The critical task of finding the right individuals for this job is complicated by the requirement that members of the PCAOB refrain from engaging in any other professional or business activity while serving. The SEC must appoint the chairperson and other initial members by October 28, 2002.

The board is responsible for, among other things:

Registering public accounting firms.
Establishing or adopting—by rules—auditing, quality control, ethics, independence and other standards relating to the preparation of audit reports.
Conducting inspections (the successor to peer review for public companies) of registered accounting firms.
Conducting investigations and disciplinary proceedings.
Imposing appropriate sanctions to enforce compliance with the rules and laws.

It is important to note the responsibility for establishing auditing, attestation and quality control standards—a function currently performed by the Auditing Standards Board (ASB)—now rests with the Public Company Accounting Oversight Board. While the new board is required to “cooperate on an ongoing basis” with designated professional groups of accountants and advisory groups engaged in standard setting, it will have authority to amend, modify, repeal or reject any standards suggested by these groups. Accordingly, the board may, but is not required to, continue to allow the ASB to establish these standards. (The AICPA expects to demonstrate to the PCAOB that the Auditing Standards Board is the appropriate body to continue to set auditing standards.)

Timing Is Everything

The Sarbanes-Oxley Act says the Public Company Accounting Oversight Board must be organized and SEC-authorized to function on or before April 26, 2003. As soon as the SEC sees that the new board has the capacity to carry out its responsibilities (which could occur prior to April 26), public accounting firms have 180 days to register with the board or cease all participation in public company audits. Accounting firms should not attempt to wait until the 179th day to register because the board has 45 days to act on an application and is permitted to request additional information from an applicant. It would be prudent for accounting firms to allow a sufficient time cushion for the registration process and submit applications no later than the 135th day after the SEC’s determination.

REGISTRATION WITH THE BOARD

The Sarbanes-Oxley Act says the Public Company Accounting Oversight Board must take such action necessary to enable the SEC to determine by April 26, 2003 that it is organized and has the capacity to carry out its responsibilities under the legislation. After this determination is made (which could occur prior to April 26), public accounting firms have 180 days to register with the new board or cease all participation in public company audits. Most of the act’s provisions affecting practitioners are effective upon registration with the PCAOB.
As a practical matter, however, accounting firms should not attempt to wait until the 179th day to register because the new board has 45 days to act on an application and is permitted to request additional information from an applicant. It would be prudent for accounting firms to allow a sufficient time cushion for the registration process and submit applications no later than the 135th day after the SEC’s determination. Each firm should carefully review its application and request confidential treatment, as permitted under the act, with respect to any proprietary or personal information. Another critical issue the SEC and the board will need to address relates to providing guidance regarding who is required to register. The act says accounting firms that “prepare or issue” or “participate” in the preparation or issuance of any audit report for any “issuer” must be registered. Exactly what is meant by “participate in the preparation…of any audit report,” for example, is not entirely clear. Nor is the act’s definition of “issuer,” which includes any issuer, as that term is defined by the Securities Exchange Act of 1934, whose securities are registered under Section 12 of the Exchange Act, that is required to file reports under Section 15(d) of the Exchange Act or that files a registration statement that has not yet become effective and that has not been withdrawn. Informal conversations with SEC representatives, as well as the Department of Labor, resulted in inconsistent interpretations regarding, for example, whether an employee benefit plan filing a Form 11-K would fall within the legislation’s definition of an issuer. 

THE ASSOCIATED-PERSONS QUESTION

Another question left unanswered by the act is the treatment of persons associated with public accounting firms, who might include individual accountants or other entities that, “in connection with the preparation or issuance of any audit report,” receive compensation from the accounting firm or participate as an agent of the accounting firm. But what constitutes compensation in connection with an audit report will not be known until regulations are issued. The act does not require associated persons to register with the board or abide by the legislation’s independence requirements. The act does, however, grant the SEC and the PCAOB authority to extend these requirements to associated persons. Whether or not this authority is exercised will have far-reaching consequences with respect to a variety of services provided to issuers by persons associated with public accounting firms, both domestically and internationally.

FOREIGN FIRMS

Foreign firms that prepare or furnish audit reports with respect to any issuer are required to register under the act. Further, the Public Company Accounting Oversight Board has discretion to extend the act’s registration requirements to foreign firms that play a “substantial role” in the preparation of audit reports for any issuer.

The act also has implications for any U.S.-registered firm that relies on the opinion of a foreign accounting firm in issuing part of any audit report. In such cases, the U.S. firm is deemed to have (1) consented to supplying the audit workpapers of the foreign firm in response to a request by the board or SEC and (2) secured the agreement of the foreign firm to such production as a condition of its reliance on the opinion. This provision remains very controversial because of the opposition of many countries to its broad extraterritorial reach.
Further, the deemed consent to production of their documents may be inconsistent with, and in some cases prohibited by, the laws of foreign jurisdictions. Both the PCAOB and the SEC have authority to exempt foreign accounting firms from these requirements, and will undoubtedly be called upon to grapple with this issue in the near future.

APPLICATION REQUIREMENTS

Public accounting firms will have to pay careful attention to the information on the application for registration with the PCAOB. The following information is required under the new act, some of which goes well beyond the scope of what is currently required by state boards of accountancy or the AICPA:

Names of all audit clients who are issuers.
Annual fees received from each issuer, broken down by audit and nonaudit services.
Financial information as requested by the PCAOB.
A statement of quality control policies for the firm’s auditing and accounting practices.
A list of all accountants participating in any audit report of any issuer, including license or certification numbers.
Information relating to criminal, civil or administrative actions or disciplinary proceedings pending against the firm or any associated person of the firm.
Copies of any periodic or annual disclosures regarding disagreements between the issuer and the firm during the preceding calendar year.
Any additional information specified by the new board.

The application must include a consent by the firm to cooperate with the new board with respect to any request for documents or testimony (and an agreement by the firm to obtain similar consents from each person providing any audit services to issuers). Registered firms will be required to update the information contained in the application at least annually.

PERIODIC INSPECTIONS

One of the central functions of the Public Company Accounting Oversight Board is to conduct inspections of registered firms.
They will occur annually for firms that audit more than 100 issuers and at least once every three years for all other firms (the new board has the discretion to adjust these schedules).

The inspection concept is fundamentally different from the current peer review. First, it is not firm on firm. Second, it is not strictly remedial. Thus, if the inspectors find any violations of the act, the PCAOB’s rules, federal securities laws, applicable professional standards or the firm’s own quality control policies, these findings may serve as the basis for disciplinary action by the board. In addition, the inspections may include matters subject to ongoing litigation.

Interestingly, although the current system of regulation has been criticized for operating outside the public eye, any criticisms or deficiencies relating to a firm’s quality control system will not be made public unless the firm fails to satisfactorily address the issues within 12 months from the date of the inspection report. (There is some question as to whether the new board’s inspection process will satisfy the peer review requirements of certain state accountancy boards.)

DISCIPLINARY POWERS

The PCAOB’s other major responsibility is its disciplinary function. The new board has a full range of sanctions at its disposal, including suspension or revocation of registration, censure and significant fines. It has authority to investigate any act or practice that may violate the act, the new board’s rules, the provisions of the federal securities laws relating to audit reports or applicable professional standards. These proceedings will generally be confidential, unless for good cause the board orders a public hearing. Although any disciplinary sanctions, accompanied by a supporting statement from the board, would be made public after the process was concluded, the act includes confidentiality provisions protecting most documents prepared or received by the board in connection with an investigation.
These materials can, however, be shared with other regulators.

FUNDING

Accounting firms will pay a registration fee and an annual fee to cover the costs of processing and reviewing applications and annual reports. The bulk of the Public Company Accounting Oversight Board’s funding will be provided through an annual accounting support fee assessed on issuers; these funds will support the board’s inspection program, relieving firms of a financial burden they now bear. The fee will be levied in proportion to each issuer’s equity market capitalization—larger issuers will pay larger fees. These fees also will be used to fund the FASB, which will continue to set accounting standards.

DOCUMENT RETENTION

There are three separate, and potentially inconsistent, document retention requirements in the act. First, the board is required to adopt rules mandating a seven-year retention period for audit workpapers and “other information related to any audit report, in sufficient detail to support the conclusions reached in such a report.” Second, the board may require retention of additional documents for inspection purposes. Third, the criminal provisions of the act include a five-year retention period for all audit and review workpapers, and the SEC is directed to establish rules relating to the retention of such workpapers by January 26, 2003.

These document retention issues may be further complicated by state-level retention requirements. For example, California recently passed a law requiring accountants to maintain certain audit documentation for seven years and accounting firms to write document retention and destruction policies. As the penalties for noncompliance can be severe, it is increasingly important for accounting firms to pay careful attention to the various record retention requirements that may be applicable in the jurisdictions in which they practice.

AUDITOR INDEPENDENCE

Sarbanes-Oxley prohibits all registered public accounting firms from providing audit clients, contemporaneously with the audit, certain nonaudit services including internal audit outsourcing, financial-information-system design and implementation services and expert services. These scope-of-service restrictions go beyond existing SEC independence regulations. In addition, all other services, including tax services, are permissible only if preapproved by the issuer’s audit committee and all such preapprovals must be disclosed in the issuer’s periodic reports to the SEC.

The act also requires auditor (not audit firm) rotation. The lead audit partner and/or the concurring review partner must rotate off the engagement if he or she has performed audit services for the issuer in each of the five previous fiscal years. There is no distinction regarding the capacity in which the audit or concurring partner provided such audit services. Accordingly, services provided as a manager or in some other capacity appear to count toward the five-year period. In addition, the provision applies as soon as the firm is registered, so, absent guidance to the contrary, the audit and concurring partner must count back five years starting with the date in which PCAOB registration occurs. This provision is particularly important because of its potential impact on small accounting firms. The SEC is considering whether or not to accommodate small firms in this area; currently there is no small-firm exemption from this provision.

AUDIT COMMITTEES

The act provides for significant corporate governance reforms regarding audit committees and their relationship to the auditor, making the audit committee responsible for the appointment, compensation and oversight of the issuer’s auditor. This should fundamentally change the auditor/client relationship.
Further, the auditor reports directly to the audit committee, not to management, reinforcing the position that the auditor’s duties run to the shareholders, rather than management. Each member of the audit committee must be independent, and the audit committee must have the authority to hire independent counsel and other advisers. In addition, each issuer must provide appropriate funding, as determined by the audit committee, for compensating the auditor and any advisers retained by the audit committee. The audit committee also must establish procedures for handling complaints regarding accounting or auditing matters and for the confidential submission by employees of concerns regarding questionable accounting or auditing matters. In light of these new, increasingly important audit committee responsibilities, the audit committee must forge an effective working relationship between itself and the auditor.

The full scope of the act is too expansive to address in this article, which leaves aside other provisions such as CEO and CFO certification of financial reports, enhanced financial disclosures, including off-balance-sheet transactions and special purpose entities, pro forma financial information reconciling to GAAP financial statements and auditor reports on management assessments of internal controls. The act mandates the completion of several studies, which may result in additional legislation or rule making.

There is no doubt the profession is on the cusp of a new era of accounting regulation. Accordingly, it must appropriately focus on the effective implementation of the Sarbanes-Oxley Act, as well as the challenge of meeting its primary objective: restoring investor confidence.