Institute of Chartered Accountants in England and Wales
24 December 2002
J G Katz Esq
Dear Mr Katz
We are writing to comment on your proposed rules issued and explained under the above title, and published in the U.S. Federal Register on 13 December 2002.
The Institute of Chartered Accountants in England and Wales has been instrumental in enhancing the quality of financial reporting and oversight thereof in the United Kingdom for many years. We set out an overview of the key steps in the last decade in this ongoing process, in Appendix A.
The Institute is also responsible, under authority delegated from the UK government, for oversight of several thousand audit firms, including those responsible for auditing almost all listed companies with additional listings on US stock markets, and UK subsidiaries of US listed companies. We therefore have a direct interest in your rules, as well as a general concern for the enhancement of global confidence in auditing through international convergence of standards.
We have been pleased to be included in discussions with SEC officials in the past, on the subject of auditor independence. You will be aware from those discussions, and from written submissions (for example our letter of 5 September 2000, file reference S7-13-00), that we are a firm advocate of a principles-based threats and safeguards approach to independence. Built within a framework of education, monitoring and enforcement, we believe that this approach offers significant advantages over a detailed rules based approach, as do such bodies as the European Commission and the International Federation of Accountants, whose code is mentioned favourably in the IOSCO paper 'Principles of Auditor Independence'. The events of the last year or so have, if anything, reinforced this view. However, we do not propose to repeat the detailed arguments here, but to address the specific changes you propose to introduce to implement your interpretation of the requirements of the Sarbanes Oxley Act ('SOA').
We have two key issues with the proposed rules which we consider in further detail in the rest of this letter:
As regards the provision by audit firms of non-audit services ('NAS') to their audit clients, you have gone to great lengths in your discussion to make it clear that the intention behind the SOA was to implement three basic principles: an auditor cannot (1) audit his or her own work; (2) perform management functions; or (3) act as an advocate for the client. You have then explained, in your analysis of the proposed changes, that compliance with these principles is the driving force behind your interpretation of the SOA's detailed requirements in this area. We strongly endorse this line of thought, and indeed, the conclusions in much of the analysis. However, we have significant concerns that the intention behind the analysis has not been carried through into the actual proposed rule changes themselves, with the result that Audit Committees are being unnecessarily prohibited from being able to make appropriate decisions, where safeguards are available to ensure there is no significant threat to independence.
We are also particularly concerned about the impact of the, in our view unnecessarily wide scope of partners to whom the proposed rotation rule applies. This requires rotation even of partners responsible for small insignificant subsidiaries and will have a significant impact in a number of areas, including specialised industries in all but the most developed economies.
Our comments on the detailed changes are set out below. In summary most of them derive from a small number of general points that lead us to propose amendments to the proposed rules:
1) The three principles underlying the requirements on the provision of NAS are nowhere to be seen in the proposed rules. We believe this misses an opportunity to make the rules watertight, and inclusion would offer a number of advantages:
2) There seems to be little acknowledgement of the concept of materiality: if a matter is insignificant to all parties there can be no unacceptable compromise to independence by definition.
We also believe it unnecessary for your proposed rules to impact upon individuals in audit firms who cannot be in a position to exercise significant influence on the opinion, either through detailed oversight by others, or because of the immateriality of what they are doing to the listed entity's group accounts. This is considered further below.
We consider that all of the requirements should be subject to an assessment of whether a reasonable investor, fully informed of the circumstances, would consider that there was any likelihood that the issue could have any influence on the audit team's judgement.
3) The rules appear to take a very broad view of what comprises an auditor's `own work'. If an auditor is performing work for a client which is mechanical in nature, does not involve any significant degree of subjectivity and for which the client takes the decisions, we would argue that this does not comprise the auditors 'own work' for these purposes. We believe that your proposed rules should clarify that such operations could safely be carried out, subject to specific safeguards to ensure compliance with the general NAS principles. This is addressed in more detail below.
4) You ask in a number of places whether exemption should be given, presumably under Section 201(b) of the SOA, for smaller providers of audit services to their audit lists. In terms of the underlying purpose of auditor independence, it is difficult to argue for exemptions for audit firms or client businesses, based purely on size. Our own guidance distinguishes only between the audit of public interest entities, where the perception of threats to independence carries greater weight, and others. As all entities over which the SEC has jurisdiction would be treated as public interest entities, there would seem to be no basis for a distinction, in your independence rules. This does not mean that smaller listed entities would not be adversely affected, for the reasons you describe. This highlights the importance of imposing restrictions only where absolutely necessary to safeguard against an unacceptable compromise to independence.
5) Again, you ask in a number of places about the impact of withdrawing certain exemptions relating to foreign companies and whether such exemptions should be restored, under section 106(c) of the SOA. We and others have commented before on the extraterritoriality aspects of the SOA and on the unintended results that follow from the application of rules designed for one legal and cultural environment to another. We note that the General Assembly of the Fédération des Experts Comptables Européens has passed a resolution urging the SEC to defer introducing any new rules for foreign issuers and their auditors until there has been a period for proper consultation and consideration. We believe there are grounds for exemptions in some circumstances, where the foreign auditors are required to follow an independence code that complies as a minimum with a recognised international code, such as those promulgated by IFAC and the European Commission and where compliance with that code is monitored and enforced by an external authority.
Our comments on detailed aspects of the proposed rule changes are set out below.
Conflicts of Interest Resulting from Employment Relationships
We have recently introduced a requirement in our own independence guidance, based on the EC Recommendation1 for a two year cooling-off period for key audit partners on the engagement, i.e. those partners in a position to influence the group audit opinion. We do not believe that it is necessary to introduce this requirement in respect of other staff, given the reduced scope for influence, so other safeguards are required in respect of other audit engagement personnel who join the client. We recognise, that your scope for change in this respect is limited by the requirements of the SOA, though there may be issues with legislation on employment restrictions, in the European Union.
Although the cooling off period in our guidance is longer than that you propose, we are not advocating an extension of the one-year period, given the wider scope within the audit firm of your proposed rule.
We note that you have asked whether the appropriate officers at the company are covered by the proposal. As your definition of Financial Reporting Oversight Role is, effectively, a principles -based definition (those who can exercise influence) rather than a detailed list, it should by definition cover all appropriate officers in all circumstances.
Our general concerns about the application of the rule as proposed are covered in the general points above. You ask whether there are other non-audit services that raise independence concerns. For the reasons noted in the general points, we believe it would be economically costly and unnecessary to extend further the list of specified NAS which are prohibited to audit clients regardless of the circumstances. By including the three NAS principles you refer to in the rule, this would obviate the need for such further lists, while ensuring that loopholes cannot be exploited
As regards the general NAS principles, we have commented above that we believe that the definition of 'own work' implied from the proposed rule is too wide for these purposes. It should relate to matters where there is a significant threat to independence, i.e. where there is subjective decision making by the auditor, when undertaking that work.
NAS: Bookkeeping, etc
It follows from our general comments above, that we believe the definition of services prohibited is too wide. The provision of 'mechanical' bookkeeping services, where the decisions are made by the client and the responsibility remains the client's, does not comprise 'own work' or management decision making by the auditor. We accept that there is a perception issue and therefore in our own guidance, such work is prohibited for public interest entities, but permitted for immaterial subsidiaries thereof provided it is of a routine clerical nature or a natural by-product of the audit process - i.e. is of a 'technical, mechanical or informative nature'.
We are concerned that the phrase `preparing statutory statements which form the basis of US GAAP statements' could be interpreted more widely than we hope is intended. In the UK, all companies have to prepare and file statutory accounts, even if subsidiaries of other companies, and it is common practice for the auditors to prepare the accounts, based on the clients own audited financial information. Usually, in the case of subsidiaries, the group consolidated statements will be prepared from an audited 'consolidation pack' or similar. We assume that in such cases, preparation of separate local statutory accounts would rightly not fall within the scope of your rule and it would be helpful if this were to be clarified.
NAS: Financial Information Systems Design & Implementation
Our guidance, in common with that in the EC Recommendation, requires that audit firms may only provide such services to their audit clients when certain specified safeguards are implemented. In substance, these safeguards 2 seek to ensure that management take all the decisions and that the auditors are therefore not going to have to review the consequences of their own decision. It follows that whether or not the auditor's independence is impaired when selecting or testing, for example, software and hardware will depend on the circumstances. If the auditor is testing standard packages and reporting those results to management for decisions, without recommendation, we cannot see that any of the three NAS principles would be breached.
You raise the issue of interpretation of 'significance' in the context of statements. As noted in our general points, we believe the concept of significance or materiality is important when considering impairment of independence. In this particular context the issue is one of auditing own work in giving an opinion on the financial statement. Accordingly, 'significant' would have to be interpreted in terms of the impact of the information generated, on the picture given by those statements. If an error in that information resulted in no significant impact on the financial statements, the threat from auditing own work cannot be material by definition, and the relevant system should not materially be considered as within the rule's scope.
NAS: Valuation and Actuarial Services
We note the inclusion of the `reasonable likelihood that the results will be subject to audit procedures' clause in the proposed rule. This is welcome as it will, rightly, exclude work that is insignificant to the statements being audited (see comments on immediately preceding item).
We have a significant concern that, as with other NAS prohibitions, the notion of what an auditor's 'own work is', has been interpreted too widely for these purposes. Our own guidance prohibits valuation services where the service relates to the valuation of amounts that are directly material to the financial statements being audited, and where the valuation involves a significant degree of subjectivity. Materiality could be construed as being addressed by your rule, if it is assumed that immaterial items would be unlikely to be subject to audit procedures. However, this depends on the interpretation placed by whomever is to be the judge of that wording. What your rule certainly does not allow for is a distinction between work involving subjective judgement, where the threat to independence from self-review is great, and work where there is no scope for judgement (for example performing pre-determined calculations from client-generated data) where the threat is insignificant. Many 'valuations' typically performed by auditors in this country would fall into this latter category. For example, UK tax law requires a fairness opinion in relation to changes in a share option scheme on completion of a rights issue, although the formula set out in the scheme documentation rarely gives any scope for judgement in this opinion. Clarification that such services were not covered by the rule provided that they complied with the three NAS principles or were immaterial, would ease the problem of conflict between the SEC's rules and those of many European countries.
Similar considerations apply to the provision of actuarial services: there may be circumstances where the prospective service has an immaterial impact on the audited financial statements or where there is no significant judgement in the process. In such circumstances the threat to independence is insignificant and absolute prohibition is unnecessary to achieve the end result.
We are pleased to note your assurance in the discussion, that the proposed rule does not prevent review by the auditors of client or third party valuations, as this is by no means clear from the wording of the proposed rule itself.
We address the issue of tax-related valuations further below, under the heading of 'NAS: Tax Services'.
NAS: Internal Audit Outsourcing
The principles behind your existing 'small company' and '40%' exemptions were hard to justify and the removal of those exemptions is logical. However, that is not to minimise the impact of this proposal, especially on small businesses, where one service provider is more common, of the more sweeping prohibition you now propose to impose. This is especially so given the current, and proper, focus on corporate governance, in which internal audit should play a significant part.
You ask a series of questions about possible limitations to the scope of the prohibition. We (in line with the guidance in the EC Recommendation) have resolved these issues with the underlying principles by including requirements similar to those for Financial Information Systems Design (q.v.). That is, the work can only be carried out with specific safeguards3 designed to ensure that management retain responsibility for the internal audit function, including all the decision making. This ensures that the auditor does not get involved in subjective issues and that the threat from self-review is therefore insignificant. At the same time, it allows the auditor to perform such work where the client considers it most appropriate, and indeed may assist the auditor in getting extra knowledge that would be useful for statutory audit purposes. The introduction of such requirements might ease the problems likely to be encountered by smaller businesses.
NAS: Management Functions
We wholly concur with requirements that auditors should not be involved in management decision-making functions. The actual and perceived threats to independence from such roles are too great to envisage safeguards other than prohibition.
You refer to the new requirement for management of SEC - registered clients to produce a statement on the effectiveness of internal financial controls and the audit firm to produce an attestation statement thereon. We consider that there may be a perceived conflict of interest in this area if the external auditor is engaged in the internal audit process. This is because, in forming their assessment, management is likely to have regard to the internal audit assessment of the internal controls. We are of the view that it is unlikely that adequate safeguards can be developed and thus the external audit firm should not participate in internal audit in these circumstances. We are considering introducing additional comment into our own guidance clarifying this.
NAS: Legal Services & Expert Services
We agree with the general requirement that an auditor should not provide advocacy services to an audit client in relation to matters relevant to the statements being audited. While it is likely that the legal services your rule covers will involve an advocacy role, it does not automatically follow. In fact, the likelihood of this will vary from country to country as national legislation differs on legal practice. We believe your proposed rule should clarify that the prohibition relates to services which involve an advocacy role and relate to matters material to the accounts. For services which do not involve these characteristics, we do not see that the key principles are breached.
Similar considerations apply to expert services.
A further issue arises in respect of the latter. In the specific case of certain legal expert witness services, the law in the UK requires experts to address their report to the Court and sets out their overriding duty to the Court rather than the client. We believe such work is acceptable, provided safeguards are in place to ensure that any potential threats to the key principles are addressed. We assume that as your proposed rule refers to `opinions for an audit client', that such work for the Court would not be prohibited and we would suggest that it be made clear that such work is permitted.
NAS: Tax Services
We note that you state `nothing in these proposed rules is intended to prohibit an accounting firm from providing tax services to its audit clients...' Indeed you go on to note Congressional intent that traditional tax preparation services should not be regarded as impairing independence. However, you suggest that auditor independence might be impaired `by the formulation of tax strategies (e.g. tax shelters) designed to minimise a company's tax obligations'. This is followed up with requests for comment on whether auditor independence is so impaired, whether there are tax services that should be prohibited and whether it is meaningful to categorise tax services into permitted and disallowed activities.
The provision of such tax services, like any other form of NAS to audit clients, must comply with the key principles for provision of NAS while maintaining independence. However:
(a) we do not believe that the management function principle is infringed provided the client takes all the key decisions;
(b) the advocacy principle would only be a threat if the audit firm were negotiating with, say, the tax authorities about a significant amount, the determination of which involves a high degree of subjectivity. In such circumstances the threat would be removed if any accounting treatment issue inherent were cleared with the engagement team first;
(c) the final and key principle here is that of not auditing own work. As referred to above, we believe that the threat to independence is significant only where such work is material to the financial statements being audited and involves subjective judgement. This will often not be the case as computations are ultimately subject to review by the IRS and must comply with their rules. We recognise that, in exceptional circumstances, uncertainty over the quantum of tax liability may have a material impact on a company's accounts. In these circumstances, an acceptable safeguard would require that the auditor should rely on a third party (probably that of a tax lawyer) opinion rather then the advice of the audit firm's tax department.
Thus, there are effective safeguards which permit the provision of tax advice by an audit firm to its audit client, without unacceptably compromising independence.
If the proposed, and as noted above, in our view unnecessary, rule on tax services contains absolute prohibitions on types of advice which may be offered, the inevitable consequence is that business will not be able to use their auditors for full and unfettered tax advice. It follows that the benefits of a multi service accountancy firm could be lost, poorer quality tax advice may result and, with taxation often being the principal non-audit service offered, it seems very likely that this would cause firms to fragment, ultimately ending up as `audit only' firms. As has been discussed elsewhere, whilst perhaps superficially attractive this would undoubtedly seriously damage the quality of the people recruited to carry out the audit and thus, the quality of the audit itself.
In addition, to require tax services to be provided by a different firm will undoubtedly lead to significant increases in client costs as audit findings and tax computation tend to be closely interlinked.
The concept of partner rotation is fully accepted and has been a requirement in the UK for listed and other public interest clients for many years. Similarly, the five-year period for the lead engagement partner is both accepted and is included in our current guidance. However, we are very concerned about the extent to which the requirement has been extended beyond that of the SOA.
Our own requirements, in common with those in the EC Recommendation, relate to key audit partners - i.e. those in a position to influence the group opinion. This covers all those partners where there can be a significant threat from familiarity, but does not unnecessarily require rotation of other partners, where alternative safeguards can be applied such as an independent partner review of the planning and key issues.
As a result of your proposed revision of the rotation requirements, all partners in the whole engagement team will be required to rotate every five years. This extension to cover those in remote subsidiaries is unnecessary in terms of the independence threat posed and impractical in locations where:
a) the audit client is in a specialised industry and there are few specialist partners available; and
b) the audit firm has a relatively small office (in practice, this will be the case in all but the most developed economies and in some regions even in those).
SEC registrant companies include many large multinational companies with complex and diverse businesses. Auditing such a company requires a deep understanding of the business, its systems, controls and people. This knowledge cannot be acquired instantaneously; a period of two or three years learning about the business is the normal requirement before a partner would be permitted to become the lead audit engagement partner. With a five-year rotation period, there simply will not be time for this learning process, with the result that audit quality will be threatened.
In introducing the five-year rotation period for public interest clients in the UK, government ministers have accepted that for partners other than the lead audit engagement partner, the period should remain at seven years. We believe it is essential that the proposed rules be amended to accommodate this if we are to avoid a reduction in the quality of auditing of many of the largest companies. You recognise that the proposed rule goes way beyond the requirements in the SOA; amended rules on the lines we propose would be entirely consistent with the Act.
We also note that technical consultation partners would appear to be included within the definition of those required to rotate. Consistency of knowledge and viewpoint is particularly important in this role, usually fulfilled by a limited number of experts, and compulsory rotation could cause severe practical problems, again leading to reduced audit quality
We agree that it is not necessary to extend compulsory rotation beyond partner level, though audit firms should recognise that a familiarity threat exists for all senior audit staff. We believe it is sufficient to require alternative safeguards (internal or external review, impact of partner rotation, etc).
There may be audit firms that audit listed entities in the US, which are of such a small size that partner rotation is not practicable. This tends not to be the case in the UK, but small audit firms do audit other forms of public interest entity. Accordingly, we do permit alternative safeguards (internal review plus at least annual external consultation) in such circumstances.
Audit Committee Administration
The proposed rule on pre-approval of NAS seems practicable and is in line with the current, and correct, emphasis on the role of Audit Committee. The corporate governance code in the UK is under review and we have suggested that Audit Committees be responsible for approval of policy and contracts re NAS.
We agree with the inclusion of a de minimus threshold: by definition immaterial items do not result in a significant threat to independence. We also believe that specific exemptions for foreign filers are unnecessary in this particular circumstance, provided proposed rule 210.2-01(c)(7) (ii)(B) is retained, allowing pre-approval policies and procedures to be set up. In a large and / or multi-national organisation, pre- approval of every individual service would be totally impracticable. Provided the policies and procedures are sensibly drawn-up, this should not impair independence safeguards.
One of the core threats to independence is that of self-interest, which necessarily requires a firm/office/partner not be unduly dependent on any one audit client.
The principle underlying your proposed rule that audit partners should not be directly financially rewarded for promoting or performing NAS for their audit clients, follows from this.
Assuming that the interpretation placed on the proposed rule is to prevent rewards for such services disproportionate to profit share, we concur with the proposed rule. However, the rule could be interpreted as prohibiting any form of profit share, as profits will generally increase on provision of NAS. Ultimately, all partners income depends on profits. If that wider interpretation were applied, particularly in medium/smaller practices, where income is often a straight percentage of overall profit, most of those partnerships would be disallowed from providing audit services. We believe that it would be useful to elaborate that the intention is to prohibit compensation arrangements that include elements directly benefiting from the performance or provision of NAS to audit clients.
Communication with Audit Committees
UK auditing standards already require communication of key issues to the Audit Committees of listed entities and we endorse the general thrust of your proposed rule. There are, however, a couple of practical points:
Disclosure: Principal Accountants Fees
UK company law has required disclosure of fees paid to the auditors for NAS for some years. We have advocated analysis of such fees and endorse the outline of your proposed rule. We see, however, little point in the disclosure of the percentage of fees pre-approved, given your proposed rule in that area. The requirement seems to cast doubt on the legitimacy of the arrangements to render the service 'pursuant to pre-approval policies and procedures': either this is an acceptable alternative to detailed pre-approval (as we believe it to be - see above) or it is not.
We have explained above our serious concern about the potential impact on audit quality of the broad basis of the proposed rule on partner rotation. To the extent that, representation notwithstanding, the final rule in this area goes beyond the provisions of the SOA, it is vital that a sensible transitional period is allowed for full implementation of the rule: perhaps two to three years in order to allow current succession planning to work through and permit an orderly retention of cumulative audit knowledge.
We will be pleased to discuss any of these issues with you.
Institute actions to enhance the quality of financial reporting
Following a number of large corporate failures in the United Kingdom in the recession of the early 1990s, it became apparent that action needed to be taken on a number of fronts to ensure the right basic foundations were in place for a financial reporting system: a sound accountancy framework, firm audit enforcement and proper corporate governance:
The Institute became one of the first professional bodies in Europe to adopt the detailed provisions of the EC Recommendation, where they differed from our existing guidance, with effect from 1 November 2002.
Extracts from auditor independence guidance, ICAEW
Required safeguards in respect of the provision of design and / or implementation services to audit clients in respect of financial information technology systems
The significance of the self-review threat is considered too high to permit an audit firm or one of its network* firms to provide such FITS services unless:
(a) the audit client's management acknowledge in writing that they take responsibility for the overall system of internal control;
(b) the auditor is satisfied that the audit client's management is not relying on the FITS work as the primary basis for determining the adequacy of its internal controls and financial reporting systems;
(c) in the case of a FITS design project, the service provided involves design to specifications set by the audit client's management; and
(d) the FITS services do not constitute a `turn key' project (i.e. a project that consists of software design, hardware configuration and the implementation of both), unless the audit client or its management explicitly confirms in the written acknowledgement required under (a) that they take responsibility for:
(i) the design, implementation and evaluation process, including any decision thereon; and
(ii) the operation of the system, including the data used or generated by the system.
Required safeguards in respect of the provision of internal audit services to audit clients
To mitigate self-review threats when involved in an audit client's internal audit task the auditor should:
(a) be satisfied that the audit client's management or Audit Committee (or equivalent) is at all times responsible for:
(i) the overall system of internal control (i.e. the establishment and maintenance of internal controls, including the day to day controls and processes in relation to the authorisation, execution and recording of accounting transactions);
(ii) determining the scope, risk and frequency of the internal audit procedures to be performed; and
(iii) considering and acting on the findings and recommendations provided by internal audit or during the course of an audit.
If the auditor is not satisfied that this is the case, the only adequate safeguard would be for the audit firm and any entity within its network* to refuse the audit client's internal audit engagement.
(b) not accept the outcomes of internal auditing processes for statutory audit purposes without adequate review.