Here’s a situation many finance chiefs have faced: I am the CFO of a publicly traded company. As my team and I were preparing a draft of the 10-K and the company’s annual earnings release, I received a call from our lead audit partner informing me that an auditor independence violation occurred.
It might have been “a minor matter concerning some legal services for a new subsidiary in Greece” or “your most recent acquisition has a business relationship with our most recent client acquisition.” The audit partner states that his firm believes, notwithstanding the independence violation, that the firm performed the audit with objective and impartial judgment.
What should the CFO do? Who should she or he discuss this matter with? What should the company have done differently? What’s the audit committee’s responsibility?
Why is Auditor Independence Important?
Consider the following comments made at the 2013 AICPA Conference on Current SEC and PCAOB Developments in Washington D.C.
- “…[L]et me reinforce why maintaining independence is a shared responsibility… if you have not done so recently, I’d suggest reflecting on whether improvements to policies and procedures are appropriate…”—Brian Croteau, deputy chief accountant, Securities and Exchange Commission
- “We are also focused on investigating independence violations.” — Andrew Ceresney, Director of Enforcement, SEC
In 2014 the SEC concluded enforcement actions against several large CPA firms and individual audit partners relating to auditor independence matters. Other independence violations self-identified by CPA firms or clients have been in the news. (See Box, “Recent Auditor Independence Violations,” below.)
While the focus has been on the CPA firm, consequences exist for issuers too. Initial public offerings have been delayed while auditor independence matters are resolved or new auditors are engaged. Independence violations have also required companies to have their previously filed financial statements withdrawn and re-audited by another firm.
Auditor independence violations can spawn significant costs, distract management, limit a company’s access to the capital markets and harm current and potential investors. And, if it is determined that the issuer was culpable in the independence violation, there could be enforcement actions against the company and its management.
PCAOB Unearths Lapses
The Public Company Accounting Oversight Board has been active in this area, including issuing a report noting that a high percentage of their reviews of audits of broker-dealers or asset managers identified auditor independence issues.
Under PCAOB standards the auditor must issue a communication annually to the client’s audit committee containing an affirmation that the audit firm is independent. The report of the audit committee contained in the company’s proxy statement typically contains an affirmation that the “audit committee has received the required annual written communication from the independent registered public accounting firm concerning the firm’s independence.”
One of the many responsibilities of the audit committee is “to “review the performance and qualifications of the independent registered public accounting firm (including its independence),” according to a March 17 proxy statement by Verizon Corp. Similar language can be found in the proxy statements of many SEC issuers.
Audit firms do not take these affirmations lightly. The authors understand that in most cases the audit engagement team has completed prescribed procedures before representations are made and the communications issued.
But what must the audit committee do to assess and analyze these conclusions before approving the inclusion of the auditors’ report on the financial statements in the company’s 10-K?
We believe that audit committees should determine that their companies have policies, procedures and processes concerning auditor independence and that they are adequate and functioning properly.
What Should Management Do?
Most large auditing firms have policies, systems and controls to try to avoid independence violations. These operate on a “prevent” basis. In other words, they serve to prevent independence violations from occurring by requiring certain internal approvals and reviews of transactions and services that have independence implications. Firms also have “detect” controls that monitor compliance with these rules and, through lessons learned, improve their prevent controls.
Issuers should develop their own independence policies and procedures and test their effectiveness. Indeed, the SEC’s Ceresney acknowledged the critical role that auditors and audit committees play in the financial reporting process. He also fairly explicitly warned that both audit committees and auditors would be held accountable for “failing to recognize red flags.”
Senior company executives should undertake an assessment of their own internal independence procedures to ensure that they complement the procedures that the audit firm undertakes. Certain activities will serve to enhance those procedures, while others will provide a basis for the company to make its own assessment of the auditor’s independence. This responsibility lies with management, with oversight by the audit committee.
It is clearly a responsibility that both management and the audit committee should not take likely. Further, the assessment should not be made by solely relying on the procedures and policies of the audit firm. While the audit firm has a great deal at stake, the reputation of the company and the audit committee are equally at risk in this highly complex and high-profile environment.
What’s a CFO to Do?
Company leaders, especially CFOs, must understand the nature of the violation, its root cause and whether it could have been prevented by actions of the company. While the independence regulations are both rules-based and principles-based, there are no exceptions for immateriality in terms of dollars or subject matter.
Auditors must be independent both in fact and in appearance. It is key for the finance chief, other senior managers and the audit committee to reach their own assessments regarding the nature of the violation and its impact on the auditor’s independence. The finance chief’s assessment should be a thorough and detailed analysis, not merely a concurrence with the audit partner’s point of view.
Sometimes independent investigations may be required to assure the audit committee that it has all the relevant information needed to make its determination. And, many times, this all has to occur in a time-crunched environment. But more importantly, establishing company-wide procedures concerning the relation of the C-suite with the company’s audit firm, and determining that such procedures are functioning properly, can perhaps prevent those unpleasant calls from occurring.
Jay Bornstein is a retired Ernst & Young tax partner and Steve Blowers is a retired E&Y audit partner.