|The Institute of
William G. Bishop III, CIA
Tel: +1 407 937 1200
November 25, 2002
Mr. Jonathan G. Katz, Secretary
U. S. Securities and Exchange Commission
450 Fifth Street, NW
Washington, DC 20549-0609
VIA E-MAIL: firstname.lastname@example.org
RE: Proposed Rules for Improper Influence on Conduct of Audits
Dear Mr. Katz:
The Institute of Internal Auditors (IIA) appreciates the opportunity to comment on the SEC's proposed rules for Improper Influence on Conduct of Audits. The IIA supports this initiative to enhance corporate accountability and improve governance processes for public companies. We are supportive of the changes you have proposed to preclude rendering materially misleading financial statements. However, we believe there is a key element missing from the rules as drafted.
The proposed rules will make it unlawful for officers and directors of public companies, or those working under their direction, to fraudulently influence, coerce, manipulate, or mislead any "independent public accountant or certified accountant" engaged in the performance of an audit of the financial statements. The missing element involves the work of those upon which independent public accountants may be relying, namely, internal auditors, in coordinated efforts related to an audit of the financial statements. In most organizations where there is an established internal auditing function it is common practice for the external auditors to place reliance on the work performed during the year by internal auditors. Therefore the provisions of the proposed rules should extend to those upon whose work the external auditors may be relying. In addition to internal auditors there may be others, such as appraisers, actuaries, and tax consultants, where external auditors elect to rely upon their work product.
In instances of outsourced internal auditing to third parties, including other independent public accountants, the common practice is for the external auditor of the financial statements to place reliance on the work performed by these other third parties during the period under audit. In order to ensure the integrity and credibility of information generated in support of financial statement audits the protection granted to external auditors should be extended to those parties whom the external auditors must rely for coordinated services.
The IIA recommends that the proposed wording be extended by modification of the terms as follows: "independent public accountant, certified accountant, internal auditor, or other providers of information in support of financial statement audits."
To ensure the work of those providing internal auditing services is credible and performed with appropriate due diligence, the SEC should require that such services be performed in accordance with The IIA's Standards for the Professional Practice of Internal Auditing (Standards). The Standards are incorporated into a professional practices framework that includes a code of ethics, practice advisories that interpret the Standards, and development and practice aids to provide detailed guidance on how to implement the Standards.
The IIA's Standards have been developed and updated through due process over the IIA's 60 years of existence and they are accepted as the basis for practice by our 80,000 worldwide members. Internal auditors, external auditors, and government organizations universally accept the IIA's Standards as the preferred methodology for the practice of internal auditing. This wide acceptance clearly establishes the basis from which to define internal auditing.
While The IIA believes that internal audit functions housed within the organization are most effective, we realize that in some situations it may be appropriate to obtain internal audit services from third party providers. In any situation, The IIA believes internal auditing best addresses management's strategic objectives when internal audits are performed by competent professionals in accordance with professional standards and rules of conduct requiring independence, due professional care, and effective quality assurance mechanisms. Compliance with The IIA's Standards, regardless of who provides the service, will ensure that these objectives are met.
In conclusion, The Institute of Internal Auditors believes that internal auditors, the board, senior management, and external auditors are the cornerstones of the foundation on which effective corporate governance must be built. All publicly traded companies should have a fully resourced, independent internal audit function that is professionally staffed and chartered to evaluate the risk management, control, and governance processes. I would like to suggest that we at the IIA work with the SEC to establish our Standards as the benchmark for good internal auditing. We recommend that the SEC recognize our Standards (there are no others) and we would be willing to provide copies to all public companies.
William G. Bishop III, CIA