• Auditor Independence: A Checklist on Performance of Services by Accounting Firms
  • November 19, 2003 | Authors: Marilyn Mooney; Sean J. Klein
  • Law Firm: Fulbright & Jaworski L.L.P. - Washington Office
  • The provisions of the Sarbanes-Oxley Act requiring Audit Committee involvement in the engagement of auditors and approval of the services they provide has heightened emphasis on auditor independence. The following checklist is intended to help an issuer ensure that each accounting firm it engages to perform audit services is independent. The application of the auditor independence rules is extremely complex. This client alert should be considered in conjunction with our client alert, "SEC Adopts Revised Rules on Auditor Independence", dated February 2003 ("February Client Alert"). This checklist does not reflect other auditor independence rules on financial relationships, employment relationships, business relationships, and partner rotation, nor does it address special issues involving investment companies.

    Address Threshold Issues

  • Scope of Coverage. Become familiar with certain key definitions and their applications. Definitions in the auditor independence rules cast a far wider net than many may realize.

  • Audit Client. Determine who the audit client is. "Audit client" is defined in Rule 2-01(f)(6) of Regulation S-X as "the entity whose financial statements or other information is being audited, reviewed or attested and any affiliates of the audit client."

    • Affiliate of the Audit Client. An "affiliate of the audit client" is defined in Rule 2-01(f)(4) of Regulation S-X to include
      • an entity that has control over the audit client, or over which the audit client has control, or which is under common control with the audit client, including the audit client's parents and subsidiaries;
      • an entity over which the audit client has significant influence, unless the entity is not material to the audit client; and
      • an entity that has significant influence over the audit client, unless the audit client is not material to the entity.

    • Subsidiary. A subsidiary is defined in Rule 1-02(n) as "an affiliate controlled . . . directly, or indirectly through one or more intermediaries."

    Note that the term, audit client, not only includes the issuer and its parents and subsidiaries, but also may include an issuer's non-controlled entities such as joint ventures. This possibility stems from the definition of an affiliate of the audit client and its reference to entities over which the audit client has significant influence.

  • Accountant. Identify the accountants providing services.

    • Accountant. Accountant is defined in Rule 2-01(f)(i) to mean "a registered public accounting firm, certified public accountant or public accountant performing services in connection with an engagement for which independence is required. References to the accountant include any accounting firm with which the certified public accountant or public accountant is affiliated."

    • Accounting Firm. "Accounting firm" is defined in Rule 2-01(f)(2) of Regulation S-X as "an organization (whether it is a sole proprietorship, incorporated association, partnership, corporation, limited liability company, limited liability partnership or other legal entity) that is engaged in the practice of public accounting and furnishes reports or other documents filed with the Commission or otherwise prepared under the securities laws, and all of the organization's departments, divisions, parents, subsidiaries, and associated entities, including those located outside of the United States."

  • Audit and Professional Engagement Period. Be aware of the time period the independence rules cover. Under Rule 2-01(f)(5), the period includes both the period covered by the financial statements and the period of engagement to audit or review financial statements or to prepare a report filed with the Securities and Exchange Commission ("SEC"). The period of engagement (1) begins the earlier of the accountant's execution of the engagement letter or the accountant's commencement of audit, review or attest procedures and (2) ends upon notification to the SEC that a company is no longer the accountant's audit client. For a foreign issuer, periods prior to the first day of the last fiscal year before its first SEC filing are not included as long as there was compliance with home country independence standards for all prior periods included in any SEC filing.

Analyze Audit Services

  • Scope of Coverage. Keep in mind that more than one accountant may provide audit, review or attest services to one or more of the entities that constitute the audit client. The principal accountant may, for example, rely on the work of another accountant in issuing its audit report. Or, a subsidiary of the issuer in a foreign country may need to use the audit services of another accounting firm if the principal auditor does not have an office there or may be required to use a statutory auditor.

  • Audit Services. Identify the audit services being performed for the audit client. Audit services include:

    • all services necessary to perform an audit pursuant to U.S. Generally Accepted Auditing Standards ("GAAS");

    • services that generally only the issuer's auditor can reasonably provide such as comfort letters, statutory audits, attest services, consents and review of documents filed with the SEC; and

    • other services that are typically treated as non-audit services, such as tax services and accounting consultations, if provided to assist an auditor in fulfilling its responsibilities under GAAS.

  • Terms of Engagement. Evaluate the terms of engagement. Even where an accountant performs no non-audit services for its audit client, terms of the engagement can raise independence issues. Keep in mind that other rules and the SEC's Codification of Financial Reporting Policies are still applicable.

  • Indemnity Agreements. Avoid indemnification of accountants as to their performance of audit services. Remember that an indemnity agreement between an issuer and an accountant performing audit services impairs the auditor's independence as to the performance of those services. See Section 602.02f(i) of the Codification of Financial Reporting Policies. Note, however, that the SEC's policy does not address indemnity agreements in the context of the performance of non-audit services.

  • Contingent Fees. Review the fee arrangements. At no time during the audit and professional engagement period may an accountant receive a contingent fee or commission from an audit client for any service or product provided.

    Analyze Non-Audit Services

  • Scope of Coverage. Keep in mind that the rules with respect to the performance of non-audit services pertain to an accountant during its audit and professional engagement period to the audit client. The scope of coverage may therefore encompass accountants performing non-audit services for non-controlled entities. Prohibitions and restrictions do not apply to accountants performing no audit services for the audit client. But if an accountant begins to provide audit services, it may not re-audit prior period financial statements if the accountant was not independent as to the prior periods due to performance of prohibited non-audit services in the prior periods.

  • Non-Audit Services. Identify non-audit services proposed to be performed for entities comprising the audit client. Generally speaking, a non-audit service is any service other than an audit service. Note, however, that the same activity may constitute an audit or a non-audit service depending on the context in which it is performed. See the February Client Alert.

  • Prohibited Non-Audit Services. Determine whether a proposed non-audit service is prohibited. The issuer must ensure that non-audit services prohibited by Rule 2-01(c)(4) of Regulation S-X are not being and will not be provided to the audit client by any accountants providing audit services. An accountant that is providing audit services to an audit client is prohibited from providing the following services to the audit client under any circumstances:

    • management functions;

    • human resources functions;

    • broker-dealer, investment adviser, or investment banking services;

    • legal services; and

    • expert services unrelated to the audit.

    Examples and distinctions with respect to these services are contained in the February Client Alert.

    If prohibited, no presentation of the matter need be made to the Audit Committee for any such service or product.

  • Permissible Services. Determine which non-audit services may be permissible within certain parameters. The following non-audit services performed by an accountant performing audit services for an audit client are prohibited by Rule 2-01(c)(4), "unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the audit client's financial statements":

    • bookkeeping services;

    • financial information systems design and implementation;

    • appraisal or valuation services, fairness opinions or contribution-in-kind reports;

    • actuarial services; and

    • internal audit outsourcing services.

    There is a rebuttable presumption that a prohibited service will be subject to audit procedures. Moreover, materiality is not a valid basis for determining that the services will not be subject to audit procedures because the materiality determination itself is an audit procedure.

    Examples and distinctions with respect to these services are contained in the February Client Alert.

    Permissible services, where performed for the issuer or its subsidiaries, must be pre-approved by the Audit Committee. These services, where performed for an affiliate of the audit client, other than the issuer and its subsidiaries, are subject to the independence rules but are not technically required to be submitted to the Audit Committee for pre-approval.

  • Internal Controls. Beware of assistance on internal controls from an accountant performing audit services in connection with the SEC's recently adopted rules on management's assessment of internal control over financial reporting. Although accountants may assist management in documenting internal controls, management cannot delegate its responsibility to assess internal controls to accountants. A mere acceptance by management of responsibility for the documentation and testing performed by an accountant does not satisfy the auditor independence rules. As a result, many issuers have viewed internal controls engagements of accountants performing audit services as inadvisable, if not prohibited. In its proposed auditing standard for internal control over financial reporting, the Public Company Accounting Oversight Board ("PCAOB") would prohibit an auditor from accepting an internal control-related engagement that has not been "specifically pre-approved" by the Audit Committee.

  • Unaddressed Non-Audit Services. Keep in mind that for non-audit services not specifically addressed in SEC rules, the general standards of independence will apply to determining their permissibility. The issuer will still be required to make a determination that the provision of such services by any accountant providing audit services will not impair such firm's independence. The pre-approval requirements noted above also apply in these circumstances. Those general standards are:

    • As set forth in Rule 2-01(b) of Regulation S-X, the "Commission will not recognize an accountant as independent, with respect to an audit client, if the accountant is not, or a reasonable investor with knowledge of all relevant facts and circumstances would conclude that the accountant is not, capable of exercising objective and impartial judgment on all issues encompassed within the accountant's engagement."

    • The Preliminary Note to Rule 2-01 states that in considering the standard set forth in Rule 2-01(b), the Commission will look to whether a relationship or provision of a service "(a) creates a mutual or conflicting interest between the accountant and the audit client, (b) places the accountant in the position of auditing his or her own work; (c) results in the accountant acting as management or an employee of the audit client, or (d) places the accountant in a position of being an advocate for the audit client."

  • Transition Rules. Remember to consider transition rules for services that were previously permissible and became prohibited when the auditor independence rules were amended effective May 6, 2003. See the February Client Alert.

    Obtain Audit Committee Pre-Approval

  • Scope of Coverage. Consider the scope of coverage as to what the issuer's Audit Committee is required to approve.

    • Issuer or its Subsidiaries. The pre-approval requirement pertains to the engagement of an accountant by the issuer or its subsidiaries to render audit or non-audit services. Although the prohibitions on non-audit services extend beyond the issuer or its subsidiaries to entities comprising the audit client, the requirement for Audit Committee approval of non-audit services does not extend to entities comprising the audit client other than the issuer and its subsidiaries. Best practices would nevertheless suggest that the Audit Committee should be informed of such a situation and be advised for the record of the analysis underlying the conclusion that performance of the service is permissible.

    • Accounting Firms Providing Audit Services. All audit services must be pre-approved whether performed by the principal auditor or other firms, including statutory auditors of foreign subsidiaries. Audit Committee pre-approval is not required for any services to be performed by an accountant that is not otherwise providing audit services to the audit client.

  • Timing. Note that the timing of the approval must be before the engagement of the accountant. Note also that the start date for the application of the independence rules is no later than the first day of the period to be covered by the financial statements. Care should be taken not to run afoul of either timing requirement.

  • Pre-Approval Policies and Procedures. Obtain Audit Committee pre-approval. The most convenient approach to pre-approval is to adopt pre-approval policies and procedures.

    • Required Elements

      • Detail each particular service to be provided. The use of broad, categorical approvals (e.g., tax compliance services) would not meet this requirement. Nor would a schedule of services be sufficient without detailed backup documentation. Moreover, monetary limits cannot be the only basis for the pre-approval policies and procedures. Nevertheless, pre-approval policies should set forth reasonable maximum amounts of fees that may be paid for each particular service with fees above such amounts subject to additional approval.

      • Require that the Audit Committee be informed about each service actually approved pursuant to the policies and procedures.

      • Do not delegate Audit Committee authority to management by allowing pre-approval policies to require application of any management judgment in their implementation.

    • Practical Elements

      • Identify and centralize the management function or functions authorized to apply the pre-approval policies and procedures and to determine that such policies and procedures have been satisfied whenever they are applied.

      • Prohibit company personnel and outside advisors from hiring on behalf of the issuer and its subsidiaries any accountant for any service without complying with the established pre-approval process.

  • Delegation of Authority to Audit Committee Members. Delegate pre-approval authority. The Audit Committee has the statutory power to delegate pre-approval authority to any Audit Committee member who is independent. Delegation of authority allows pre-approval action on individual non-audit services proposed between meetings of the Audit Committee that are not addressed in pre-approval policies and procedures. The Audit Committee should be clear in its delegation whether members with delegated authority can overrule monetary limits contained in pre-approval policies and procedures on a non-audit service detailed therein.

  • Waiver. Do not rely on a waiver of the pre-approval requirement. A waiver would only apply as to services other than audit, review or attest services if (1) the aggregate amount was no more than 5% of the total revenues paid by the audit client to the accountant during the fiscal year of the services; (2) the services were not recognized as non-audit services at the time of engagement; and (3) the Audit Committee is promptly informed of the services and the services are approved prior to completion of the audit by either the Audit Committee or an authorized Audit Committee member. The waiver does not constitute a de minimis exception. The exception is only available if services were, among other things, not recognized as non-audit services.

  • Minutes. Record the Audit Committee proceedings in minutes that clearly evidence informed deliberations.

    • Findings. In pre-approving any permissible non-audit service, whether directly or in pre-approval policies, the Audit Committee should consider making findings as the basis for the determination that designated non-audit services are permissible.

    • Legal Advice. The Audit Committee should consider requesting legal counsel's advice on the permissibility of a non-audit service.

    • Accountant's Position. The Audit Committee should have each accountant performing audit services provide its official position whether the performance of a given non-audit service is permissible and will not impair its independence.

  • Meeting Agendas. Add standing agenda items to audit committee agendas.

    • Management Report. Include a report of actions taken by management pursuant to pre-approval policies and procedures.

    • Audit Committee Member Report. Have a presentation of actions taken by Audit Committee members with delegated pre-approval authority.

    • Waivers. Where a service was not recognized as a non-audit service, report matters to which the waiver was temporarily applied pending Audit Committee approval.

    • Approval. Include a presentation of any services requiring approval, including those to which a waiver had been applied.

    Disseminate Downstream The Approval Policies And Procedures

  • Educate Personnel. Educate personnel who may have occasion to hire accountants (e.g., finance, internal audit, M&A, tax, HR, employee benefits, environmental, legal counsel, lobbyists) that they may not do so without complying with the company's pre-approval requirements.

  • Educate Outside Advisors. Advise outside advisors who may have occasion to hire accountants (e.g., litigators, outside law firms, lobbyists, investment bankers, and employee benefits, environmental or other consultants) on behalf of the client that they may not do so without approval from the issuer.

    Monitor Compliance With Pre-Approval Policies And Procedures

  • Take and Keep Inventory. Keep a spreadsheet of which accountants are performing what services during the audit and professional engagement period for:

    • the issuer;

    • subsidiaries of the issuer; or

    • other entities comprising the audit client.

  • Assign Responsibility. Assign responsibility for maintaining the inventory of accountants providing services.

  • Audit Compliance. Consider periodically auditing compliance with the pre-approval policies and procedures.

    Follow Developments

  • PCAOB. Remember that the PCAOB also has jurisdiction over auditor independence matters and could issue guidance in this area. In fact, the PCAOB has announced its intention to conduct an in-depth evaluation of independence requirements.

  • SEC. Continue to follow SEC activities in this area.

  • Sources. Consider relevant sources when faced with an auditor independence issue. These would include:

    • Rule 2-01 of Regulation S-X, 17 CFR ยง 210.1-01, et. seq.

    • Final Rules on Strengthening the Commission's Requirements Regarding Auditor Independence, SEC Release No. 33-8183 (January 28, 2003);

    • Final Rules on Management's Report on Internal Control Over Financial Reporting, SEC Release No. 33-8238 (June 5, 2003);

    • Codification of Financial Reporting Policies, 7 Fed. Sec. L. Rep. (CCH) 72,921;

    • The Office of the Chief Accountant's Application of the January 2003 Rules on Auditor Independence -- Frequently Asked Questions (August 13, 2003); and

    • Proposed Auditing Standard -- An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, PCAOB Release No. 2003-017 (October 7, 2003).