Who audits the auditor? According to SEC rules, it's the audit committee
In the thick of last year’s proxy season, Calpers told its portfolio companies – some 3,000 firms – that it would oppose the election of directors who, as audit committee members, had authorized their company’s auditor to perform non-audit services. That policy roiled the world of corporate governance and added to the heightened sense of uncertainty over the very hot topic of auditor independence.
The SEC helped clarify the issue in January when it issued new rules on auditor independence, requiring audit committee approval of all audit services and disclosure. It also reiterated and expanded a range of prohibited non-audit services. But other non-audit areas, such as tax compliance and planning, were not covered.
Such services may now be in jeopardy. The Public Company Accounting Oversight Board (PCAOB) recently held a roundtable on the topic with critics saying such non-audit work precludes independence. Further clouding the future is the SEC’s announcement of the possibility of the board becoming the nation’s primary regulator on auditor-independence issues, a role held by the commission at the present time.
The PCAOB is mum on its intentions. ‘The roundtable was very much a fact-finding exercise. There’s been no follow-up,’ says spokesman Mike Shikuey. In August, the board released portions of its first annual report on the big four firms. As its chairman William McDonough noted, this turned up ‘significant audit and accounting issues’. Details remain confidential, but KPMG disclosed the PCAOB’s finding that it had accepted fees from independent audit clients based on how much in taxes it helped them save. The firm says it has now revised its contingency fee policies.
To the purists, any service outside the scope of the audit work is a no-no. After all, it was only a few years ago Enron paid its auditor, Arthur Andersen, more for non-audit services than it did for audit services, a trend repeated by most of the companies surveyed by the Investor Responsibility Research Center (IRRC) in 2002.
Trying to ensure auditor independence is no easy task, and even those with good intentions have stumbled along the way. Calpers has come under fire for what some view as an unreasonable stance, and has since said it will consider easing its policy for next year’s proxy season. But the pension fund also notes improvements in the amounts companies are paying for non-audit services, evidence of which seems to be borne out in recent studies.
Taxes and Section 404
Few would disagree that diminishing fees for non-audit work is a good thing for corporate America. But there are many who believe auditors can provide useful and necessary tax preparation and advisory services. The same can be said of fees paid to auditors for work related to compliance with Section 404 of Sarbanes-Oxley, which the SEC adopted last year, covering management’s report on internal control over financial reporting. The rule took effect for fiscal years ending on or after June 15, 2004.
The easiest thing for a company to do is to have its outside auditor do only audit work. But auditors have to gain an extreme knowledge of their client in order to conduct a proper audit. ‘For a company to spend all that money making the auditor intimately familiar with the business, and then not use that knowledge, could be viewed as wasteful,’ says David Lifson, a partner at Hays & Company, an auditor registered with the PCAOB.
This premise, that auditors hold unique positions of expertise, is one the SEC acknowledged with respect to Section 404 requirements on internal controls. The commission accepts that outside auditors can provide useful assistance to the audit clients to prepare and comply with Section 404. But it has made it clear that when it comes time for the attestation on the audit controls, the auditor cannot audit its own work.
‘We would rather not see companies using their external auditors for their tax work,’ says Randi Schultz, research analyst at Glass, Lewis & Co, a San Francisco-based institutional investor advisory. ‘Tax planning, tax strategies, assistance defending tax positions on audits, expat taxes – with any of these services, we’d be concerned, regardless of the dollar value of the services. Even with respect to the internal controls, it can affect auditors’ independence.’
Customer relationship management software firm E.piphany is taking that sentiment to heart. It has reduced the amount of non-audit fees, both ‘audit-related’ and tax fees, which, like at many companies, are split into two separate lines in its audit fee proxy disclosure. (Glass, Lewis & Co treated both audit-related and tax fees as non-audit fees in its survey.)
‘We have an outside party, other than our independent auditor, providing consulting to help us prepare for our Section 404 compliance,’ explains Andy Sherman, SVP, general counsel and secretary at E.piphany. ‘We work closely with our auditor to ensure it is familiar with and understands the system and compliance activities, and is in a better position to engage in its attestation of our reports at the end of the year.’
Sherman acknowledges taxes are an area of controversy; E.piphany reduced the amount it paid its auditor for tax fees to $30,000 in 2003, down from $85,000 in 2002. Total fees paid to its auditor were $371,000 in 2003, with audit fees accounting for $321,000 of the total.
‘We have historically used our auditor for limited tax services,’ Sherman says. ‘There are those who believe any services other than audit services can impair independence. We take governance very seriously, and set the bar extremely high, and we do look for third parties to provide services that are not audit or audit-related.’
A framework to ensure independence
In requiring the audit committee to preapprove all audit and non-audit services, the SEC mandated a framework many say is critical to rehabilitating the auditor-issuer relationship tarnished in the eyes of the public.
DECLINE AND FALL OF NON-AUDIT FEES
|Glass, Lewis & Co, a San Francisco-based institutional investor advisory firm, reviewed audit and non-audit fees paid in 2003 and 2002 by 2,250 public companies, including 461 of the Fortune 500.
‘We found fees paid to auditors for non-audit work declined overall last year,’ says Randi Schultz, research analyst at Glass, Lewis & Co. ‘The study showed, for example, that fees paid for tax work as a percentage of audit fees fell, on average, to 43 percent last year, down from 57 percent in 2002.’
For Lifson, it is appropriate for companies to engage their auditors for such services as tax planning, as long as the company and its audit committee can handle such a relationship.
‘If the corporate secretary feels there is an infrastructure – such as tax strategies – enabling the company to take advice and make its own decision, then it makes sense,’ he points out. ‘If the company is going to blindly follow advice, it shouldn’t get it from its auditors. I think the corporate secretary needs to make sure the level and nature of advice is not overpowering the enterprise, something the audit committee needs to evaluate. Auditors have a responsibility to ensure they don’t create an environment where they’re auditing their own work.’
Companies are indeed taking far greater care in reviewing auditor services, and corporate secretaries are playing a bigger role in helping to strengthen the process. Some, such as McDonald’s, disclose their preapproval processes for audit and non-audit services on their web sites.
At investment bank Friedman Billings Ramsey, the CFO and audit committee review auditor services and are in touch with each other frequently. And while some audit committees preapprove services on a categorical basis, Friedman Billings Ramsey’s audit committee preapproves all services on a case-by-case basis.
‘I think it falls to the corporate secretary to make sure there is an appropriate record of review, so if there is something that needs to be reviewed by the committee it can be done easily,’ explains Cathy Sigalas, associate general counsel and corporate secretary of the Arlington, Virginia-based company. ‘One challenge is staying on top of informal or unscheduled meetings. You have to be proactive to keep track of these kinds of activities and the resulting decisions. I do that by staying in touch with the CFO and audit committee chair.’
PricewaterhouseCoopers (PwC), Friedman Billings Ramsey’s auditor, generally provides only audit and audit-related services, but the company’s audit committee approved PwC providing limited tax preparation services, though the work is related solely to the company’s investment partnerships, for which the company is a general partner.
‘PwC provides the tax preparation, but that service is reviewed by our audit committee. We disclose the specific fees we pay and the related services in our proxy,’ says Sigalas.
David Hardison, a partner at the international law firm Fried, Frank, Harris, Shriver & Jacobson, agrees corporate secretaries and audit committees need to consider the possibility that services provided by an auditor might be questioned in the future.
‘They need to show they’ve considered the propriety of the services and documented their analysis appropriately,’ Hardison says. ‘We also advise clients that if they receive a proposal from their outside accounting firm in an area where the current rules aren’t entirely clear – such as services to assist with compliance under Section 404 – they should make sure the national office of the audit firm has been consulted and has signed off on the service.’
According to this new report from NAVEX Global, there has been a rise in employees reporting compliance and ethics problems in recent years, and the percentage of repeat reports has more than doubled over the last five years.
Find out why and discover a range of other key statistics to benchmark your compliance program against industry standards by downloading this free report today.
This briefing contains statistics and analysis on employee reports of problems via a range of helpline methods, including:
This data comes from more than 8,000 NAVEX Global clients and provides actionable insights for policy management, training, awareness, and more.
Helpline data that is carefully tracked, reviewed, benchmarked and presented with context often provides the early warning signs needed to detect, prevent and resolve problems.
Our free weekly email newsletters are an essential bulletin of GRC updates, insight and information.
Our experienced journalists provide relevant, timely information and analysis that will keep you at the forefront of industry developments and best practice.
Sign-up to receive your copy when you register with the Corporate Secretary website for free.