January 13, 2003
Mr. Jonathan G. Katz, Secretary
Re: File No. S7-49-02 Strengthening the Commission's Requirements Regarding Auditor Independence
Dear Mr. Katz,
Parson Consulting is a leading no conflict financial management consultancy headquartered in Chicago, serving clients in the United States and United Kingdom. Our client base includes over a third of the Fortune 1,000 (who are impacted by the reforms mandated by Sarbanes Oxley), as well as privately held enterprises. Our business is concentrated in helping accounting and finance organizations improve the speed, reliability and efficiency of their finance and business support functions, including those activities that may relate to transaction processing and financial reporting. We accomplish this through three principal service lines: Business Process Engineering, Business Technology and Operational Support Services. Our Services are delivered by experienced consultants who, in prior phases of their careers, served in a variety of industries in roles such as CFO, Director of Finance and Controller.
Recognition of current initiatives, suggestion of additional actions
We applaud the recent actions of the Congress, the Commission, and the securities exchanges to enhance safeguards and improve the integrity of the capital markets. We believe that the recent codification of standards and guidance regarding corporate governance and auditor independence are good starting points. We have concerns, however, that the proposed rules regarding auditor independence may not be sufficient to address the systemic weaknesses which have contributed to near catastrophic losses investors. Our concerns are based upon the following factors contributing to independence challenges:
Our concerns are heightened by a review of the questions to which the Commission is seeking commentary. It appears to us from the questions that the Commission may be inclined to be more permissive as it relates to auditor independence. Additionally, we believe that the introduction of exceptions, exemptions and clarifications would introduce more complexity to the already difficult task of enforcement and preservation of auditor independence. We fear that such complexity would further undermine investor confidence in the capital markets, service providers, legislators and regulators. Therefore, we urge the Commission to adopt the strictest interpretation of both the letter and spirit of the law, reject any liberalization of the requirements of the Sarbanes-Oxley Act and implement regulations that would:
For the purposes of our discussion, we define audit service to mean the application of analytical and investigative procedures applied to financial statements for the purpose of expressing an opinion as to the fairness of the financial statements in conformity with Generally Accepted Accounting Procedures. This would include limited opinion engagements (review services) as well.
Our suggestion is grounded in a fundamental belief that auditors should do audits and nothing else as it relates to registrants.
We believe the rationale for this suggestion was best expressed in the former Public Oversight Board Panel on Audit Effectiveness Report and Recommendations August 31, 2000 (O'Malley Report), Chapter 5, Statement Supporting an Exclusionary Ban on Non-Audit Services, excerpted as follows:
"Some members of the Panel believe that, with very limited exceptions, audit firms and their affiliates should be excluded by rule from marketing and furnishing management services to their audit clients that do not directly advance the interests of investors in objective and reliable financial reports on the stewardship of management. This position rests on the belief of these Panel members in (a) the central importance of independence to the profession of auditing in general, and to the effectiveness of the audit process in particular, and (b) the severe and growing challenges to independence that the audit profession faces in the current environment"
The report further positioned:
"Of fundamental importance in understanding the conflict of interest that arises from the provision of non-audit services to audit clients is the fact that in so doing the audit firm is really serving two different sets of clients: management in the case of management consulting services ("MCS"), and the audit committee, the shareholders and all those who rely on the audited financials and the firm's opinion in deciding whether to invest, in the case of the audit. The firm is a fiduciary in respect to each of these client groups, duty-bound to serve with undivided loyalty. It is obvious that in serving these different clients the firm is subject to conflicts of interest that tear at the fragile fabric of loyalty owed to one client or the other. And it is equally obvious that the existence of dual loyalties creates a serious appearance problem, regardless of whether, in particular cases, the fabric actually tears apart or not"
With respect to the suggestion that a review and approval by the audit committee of non-audit services by the auditor, members supporting an exclusionary approach stated:
"No one has suggested that the audit committee can be a substitute for clear rules where the problem of conflicts is most serious. Thus, for example there is no suggestion that the audit committee be charged with discretion to assess independence despite the existence of financial interests by the audit firm in its audit client. Stock or other financial interests in one's audit client have long been viewed as creating too clear a conflict of interest to become the subject of discretion. The need for an exclusionary rule on non-audit services is rooted in the same ground: prospective revenues from the provision of non-audit services, extending into the future, create precisely the kind of financial stake that produces a conflict of interest capable of impairing independence."
In offering these excerpts, we acknowledge that the panel members did not all agree with the suggestions excerpted above. We believe however, that the events occurring since the publication of the O'Malley Report confirm what some panelists feared and the continuation of conditions existent at the time of the publication of the report supports the adoption of an exclusionary rule.
In addition to the arguments described in the O'Malley report, we submit that:
We recognize that the suggestion we are making clearly goes beyond the rules currently being proposed by the Commission. We also acknowledge that such a proposal is bound to be met with considerable opposition. Nonetheless, we believe that the suggestion merits discussion, perhaps in combination with the prescription by the Sarbanes Oxley Act for the General Accounting Office (GAO) to conduct a study and report regarding consolidation of public accounting firms.
Public Policy benefits of adopting stringent rules
We believe that the adoption of a stringent view of auditor independence as suggested in this letter would result in many benefits to registrants, investors, oversight authorities and auditing firms. Benefits that are available include:
Response to objections to proposals
Previous debate regarding the effect of non-audit services on independence has typically resulted in arguments against significant change. Two objections often raised are:
Thank you for the opportunity to contribute to the discussion of this important issue. We have provided responses to select questions of the Commission in the Appendix to this letter. Should the Commission be interested in accessing our management for clarification of the suggestions in this letter, we can be reached at 312-541-4690.
Should an auditor be permitted to provide bookkeeping services to an audit client if it is not reasonably likely that the results of those services will be subject to audit procedures during the audit of the client's financial statements? Why or why not?
Is the standard of reasonably likely sufficiently clear? If not, should we use some other standard? If so, what standard should we use?
Response: We do not believe that an auditor should be permitted to provide bookkeeping services, due to the difficulty in determining "reasonably likely", and the potential for violation of the first principle, i.e. an audit firm should not audit its own work.
Is an auditor's independence impaired when the auditor helps select or test computer software and hardware systems that generate financial data used in or underlying the financial statements? Why or why not?
Response: In our view, assisting in the selection of computer software and hardware systems would be an impairment of auditor independence, much in the same way that performing human resource services would; the auditor would develop a vested interest in the appropriateness of the selection of the software and hardware and may be put in a position to admit or defend a poor choice at the risk of losing the client.
Whether a system is used to generate information that is "significant" to the audit client's financial statements may depend on the size of the engagement. Does the magnitude as a percentage of either audit fees or total fees of the fees for such services make a difference on whether performance of the service impairs independence?
Response: The significance of information in relation to financial statements is not related to magnitude of fees, however measured. Again, for reasons described in our main letter, we believe to allow exceptions based on subjective or difficult to interpret standards defeats the intent of the recently enacted legislation.
Does it impair an auditor's independence if the auditor does not provide to the client outsourcing services related to the internal audit function of the audit client, but rather performs individual audit projects for the client?
Would it impair the auditor's independence if the auditor performs only operational audits that are unrelated to the internal controls, financial systems, or financial statements?
Is additional guidance necessary to distinguish the services that would be prohibited under this proposed rule from those services that would be permitted as operational audits?
Response: In accordance with the arguments presented in the body of our letter, and with respect to the four broad principles cited by Congress and the Commission, we believe any engagement, not directly related to the performance of the audit performed with respect to the financial statements filed with the Commission, or other permitted attest services (comfort letter, etc.) is an impairment of independence. Internal Audit is Internal Audit, period. A series of engagements, separately undertaken but linked to the same strategic objective is Internal Audit. External auditor involvement in operational assessments to determine effectiveness or efficiency puts the auditor in a position of serving as an extension of management. Today, there are simply too many qualified alternatives to allow the risk of impairing independence.
Do services related to designing or implementing internal accounting controls and risk management controls result in the auditor auditing his or her own work? Would such services impair an auditor's independence when the auditor is required to issue an opinion on the effectiveness of the control systems that he or she designed or implemented?
Response: Such services clearly impair the independence of the auditor and would result in the auditor auditing his or her own work, in the same way that providing bookkeeping services or designing, implementing or operating a client's information systems would. Auditors should work with the client and other service providers to determine effectiveness but should leave the implementation to others.
Do services related to assessing or recommending improvements to internal accounting controls and risk management controls result in the auditor auditing his or her own work? Would such services impair an auditor's independence when the auditor is required to issue an attestation report on the effectiveness of the control systems that he or she has assessed or evaluated for effectiveness?
Response: Auditors should be encouraged to make suggestions regarding improved controls, but should not participate in the implementation of the improvements. We do not believe there is independence impairment related to the effectiveness attestation, as long as management's effectiveness assessment is separate and not dependent upon the external auditors.
We request comment on whether there are circumstances under which an accounting firm can perform or assume management functions or responsibilities for an audit client without impairing independence?
Response: We do not believe there are any circumstances under which this is possible.
Should the Commission create other exceptions (beyond the de minimis exception) that would allow an audit committee to adopt a policy that contracts that are recurring (e.g., due diligence engagements in connection with a series of insignificant acquisitions) and less than a stated dollar amount (such as $25,000) or less than a stated percentage of annual revenues (such as 1% or 5%) could be entered into by management and would be reviewed by the audit committee at its next periodic meeting?
Is allowing the audit committee to engage an auditor to perform non-audit services by policies and procedures, rather than a separate vote for each service, appropriate? If so, how do we ensure that audit committees have rigorous, detailed procedures and do not, in essence, delegate that authority to management?
Response: We do not believe exceptions such as those described above would be consistent with the goals of enhanced governance and improved auditor independence. Furthermore, engagement by policies and procedures opens up too many opportunities for the purpose of audit committee participation to be subverted.
Should more or fewer aspects be left to the discretion of the audit committee?
Response: We believe that the audit committee decision should be as simple and straightforward as possible.
What, if any, audit committee policies and procedures should be mandated to enhance auditor independence, interaction between auditors and the audit committee, and communications between and among audit committee members, internal audit staff, senior management and the outside auditor?
Response: We believe that audit committee members that hold executive officer positions with other registrants be precluded from advising on or participating in the decision to engage an audit firm for any service, for any registrant, if the proposed service provider is engaged as auditor or provider of non-audit services for the registrant in which the committee member serves as an executive officer.
Would expansion of the proxy disclosure of professional fees paid to the independent auditor from three categories to four provide more useful information to investors?
Are the new categories of disclosure appropriate? Are they well defined, or should they be more accurately defined? Should there be additional (or fewer) categories?
Response: Assuming the Commission is going to allow auditors to provide such services, the categories of disclosure are appropriate and accurately defined.
Is disclosure of two years of fees appropriate? Should the proposed additional fee disclosures be expanded to three years or remain at one year?
Response: Yes, two years is appropriate.