Friday, October 9, 2020

Saving the Independent Audit

Editor's Note: The Public Interest Section of the American Accounting Association is pleased to publish the following blog post by Steve Mintz, Professor Emeritus, Cal Poly, San Luis Obispo. Please contact lawrence.chui@stthomas.edu with questions, comments, or suggestions about our blog, or to express interest in our organization. Disclaimer: When you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.


[This blog is taken from an article to be published in the October 2020 issue of The CPA Review.] 

The standards for an independent audit seem to be loosening. One area of concern is when nonaudit services are performed for an entity that becomes an affiliate of the audit client. Problems arise when otherwise permissible nonaudit services are provided to a non-audit client that becomes an affiliate of an audit client. The independence rules then apply to both clients as if they were one entity.

Some firms are now using a materiality criterion to determine whether these nonaudit services provided to an affiliate entity, that would be prohibited if the parent had provided them, violate the independence requirement in audit engagements. Applying such a materiality standard can have the effect of dismissing otherwise improper relationships. In some cases, audit firms are misrepresenting nonaudit services as part of the audit services to get around the rules that prohibit certain nonaudit services for audit clients. Purposely doing so misleads the users of financial statements about the independence of the client.

Clearly there is a problem that left untreated may fester and lead to independence violations that get worse or more intense. Too many auditors are violating ethical requirements. The possibility exists that auditors may be subconsciously regarding the independence ethical requirements as not applying to them or not worth considering because they know they are objective and have integrity. It may be that a strictly audit firm may be able to do a better job of ensuring adherence to the independence rules than a firm that has a mixed rather than an exclusively audit culture. One possible solution is to operationally split off audit services from nonaudit services to protect the independent audit.

Materiality Exceptions

KPMG was involved in a client acceptance process for an entity when it learned that the firm had been providing nonaudit services to affiliates of the entity that the firm would be prohibited from providing if it became the independent auditor of the entity. These services included bookkeeping and payroll services provided to affiliates in 11 different countries. According to Accounting and Auditing Enforcement Release No. 3530, “the KPMG audit engagement team – in consultation with the firm’s Independence Group – concluded that, based on the perceived immateriality of the locations and services provided,” KPMG’s overall independence would not be impaired if it became the auditor of the entity but also continued providing the nonaudit services to the affiliates during the transition period of February 22, 2008 and July 1, 2008. KPMG became the auditor and confirmed to the client that it was independent with respect to [the client] and its related entities under applicable SEC and PCAOB independence requirements.”[1]

Using a materiality criterion to determine whether certain nonaudit services should be allowed opens a can of worms. Logical questions are: (1) Is independence a standard left to the individual judgment of the auditors or is it based on SEC regulations and PCAOB standards? and (2) Where do you draw the line in making materiality determinations?

Mischaracterizing Nonaudit Services

In 2014, PwC performed nonaudit services for an audit client concerning Governance Risk and Compliance (GRC) software that was used to coordinate and monitor controls over financial reporting, including employee access to critical financial functions.” At the time the GRC system was being implemented, it was intended to be subject to the internal control over financial reporting audit procedures.

Communications between PwC and its audit client show that the client’s head of internal audit was concerned whether the firm could provide an implementation proposal and inquired about auditor independence. The supervising partner responded that “we are absolutely permitted to implement so there will be no issues…,” even though he was aware that the firm’s independence policies did not allow it or him to implement the GRC system.[2]

Communications with the client show the disconnect between the client’s expectations and how PwC was describing its information systems services ostensibly to skirt the requirement not to perform certain nonaudit services for audit clients. An email from the then head of internal audit of the client, who objected to the description of services contained in the draft engagement letter, informed PwC that the proposed work was an implementation project that’s been outsourced to the firm.

The final engagement letter described the work on the GRC project “as performing assessments and high-level recommendations” even though an internal PwC communication had characterized the engagement as a design and implementation project.

The firm agreed to pay over $7.9 million to settle charges with the SEC that it performed prohibited nonaudit services during an audit engagement including exercising decision-making authority in the design and implementation of software relating to an audit client’s financial reporting and engaging in management functions.

SEC Proposal to Amend Auditor Independence Rules  

On December 31, 2019, the SEC proposed amendments to Rule 2-01 of Regulation S-X that would loosen independence rules with respect to the auditing of affiliates. The proposal would limit the range of audit client affiliates from which an auditor must maintain its independence by amending the definition of “affiliate of the audit client” to carve out affiliates under common control (i.e., sister entities) that are not material to the controlling entity.

The proposed rule would give auditors more discretion in assessing conflicts of interest in affiliate relationships with audit clients of the firm. The motivation for the change seems to be an analysis by the SEC that the audit firm can maintain its objectivity and impartiality (hence its independence) in these control relationships based on a materiality exception. According to SEC Chair Jay Clayton, the rules changes would “permit audit committees and [SEC] commission staff to better focus on relationships that could impair an auditor’s objectivity and impartiality,”…and avoid “spending time on potentially time-consuming audit committee review of non-substantive matters.[3]

By introducing a significance test to determine whether an affiliate is material to the controlled entity, the SEC is opting to rely on the judgment of the auditor and audit firm to determine when independence is impaired rather than strictly applying the ethics rules as written. While a materiality test applied to financial reporting issues is commonplace (i.e., to determine whether restatements to the financial statements are warranted), it has no place in ethics determinations. Any rule violation, regardless of size tests, is unethical. There should not be a material test to determine right versus wrong. Moreover, once the door is opened to making materiality judgments on independence issues, the firms may seek to use it in interpreting other rules. For example, should a firm be able to provide “non-material” contingent fee and commission-based-services to a non-audit-affiliate once it is combined with the controlling entity for which audit services are provided? The problem with establishing a materiality criterion in one rule is it becomes an ethical slippery slope for other rule interpretations.

The U.K. Experience

There has been a great deal of controversy in the UK about how best to restrict nonaudit services for audit clients. The U.K. Competition and Markets Authority (CMA), a government department in the U.K., issued a report on April 18, 2019, that recommends an operational split of audit and nonaudit services. The large firms would be split into separate operating entities with respect to auditing and consultancy functions to reduce the influence of consulting practices upon auditing divisions. The split would help to prevent potential conflicts of interest from impairing audit independence and increasing the public trust in the quality of financial statements. However, the watchdog stopped short of recommending a full break-up based on firm services.[4]

A study group report prepared on behalf of the U.K. Parliamentary Labour Party calls for a legal split between audit and nonaudit services. The group was not convinced that an operational split would go far enough, calling instead for two legally separate organizations. In essence, it calls for a structural break-up of large firms saying that it would be more effective than other options in “tackling conflicts of interest” and providing “professional skepticism needed to deliver high-quality audits.”[5]

On July 6, 2020, the Financial Reporting Council told the Big 4 accounting firms to draw up plans for an operational split by separating their audit businesses by October 23, 2020 and for the work to be completed by mid-2024. The changes do not apply to smaller firms. The regulator stopped short of ordering a full, structural breakup that would have required audit entities to be spun off into separate legal entities.

The UK experience should be looked at by the SEC to assess whether a split-off of nonaudit services and audit services operationally could work in the U.S. The profession has talked about it for many years. It may be premature to study a legal split into two entities. Given the expanding scope of prohibited nonaudit services and how they may be mischaracterized to skirt the independence rules it seems that the time is right for such a split in the U.S. to protect the interests of the public that rely on the independent audit to make investment decisions.

 

[1] (SEC, Accounting and Auditing Enforcement Release No. 3530, January 24, 2014, In the Matter of KPMG LLP, Respondent, (https://www.sec.gov/litigation/admin/2014/34-71389.pdf). The firm’s actions violated SECs Rule 201 (c)(5) and Rule 10A-2 .

[2] SEC, AAER Release No. 4085, In the Matter of Brandon Sprankle, CPA, Respondent, September 23, 2019.

[3] (“SEC Planning to Loosen Auditor Independence Rules, January 2, 2020, https://www.cfo.com/auditing/2020/01/sec-planning-to-loosen-auditor-independence-rules/).

[4]  (Competition and Markets Authority, “Statutory audit services market study,” Final Report, April 18, 2019, https://assets.publishing.service.gov.uk/media/5d03667d40f0b609ad3158c3/audit_final_report_02.pdf).