|
|
|
EUROPEAN COMMISSION
Internal Market
Director General |
| |
|
Brussels, 13 January 2003
Internal Market DG/EVDP D(2003) 16
Jonathan G. Katz
Secretary
U.S. Securities and Exchange Commission
450 Fifth Street NW
Washington DC 20549-0609
United States of America
|
Dear Mr. Katz,
Subject: Comments on proposed rule on auditor independence, file N° S7-49-02
We thank you for the opportunity to comment on the proposed rules on auditor independence under title II of the Sarbanes-Oxley Act (SOA). We make the following comments as part of a constructive regulatory dialogue between the United States and the European Union because the Act also has important effects on US-listed EU companies and EU auditors.
The adoption of the Sarbanes-Oxley Act is a US reaction to US financial reporting scandals. The Act aims at restoring investors' confidence in US capital markets. The European Commission and our 15 Member States share these concerns and support the objectives and many measures of the Act, because investor protection is equally important for the European Union and its Member States, as it is for the United States.
While the US authorities rightfully expect the same standards of conduct from companies raising capital on American markets irrespective of whether they are domiciled in the United States or overseas, they are not necessarily better placed than the European Union and its Member States to establish precise rules that ought to apply to companies and their auditors domiciled in the European Union. We believe that starting from the same objectives, the EU and US should set their own respective regulatory frameworks and set their own high quality standards for the proper functioning of their own capital markets. Only tailored regulatory solutions can fully accommodate the different legal environments in the EU and US.
We are aware that this may lead to some differences with the detailed provisions of the Sarbanes-Oxley Act or SEC rules but through equivalent approaches the same objectives can be met.
The European Commission Recommendation on auditor independence is a prime example of such an equivalent approach. It has been extensively developed with 15 Member States' experts and interested parties after more than two years of detailed discussions. It was adopted by the European Commission in May 2002. After careful consideration, the European Commission has chosen a principles based, risk-safeguard approach that deals with all situations, including any as yet unforeseen.
For the following reasons, the European Commission Recommendation is, at least, equivalent to the SEC proposed rule on auditor independence because :
(i) It is all encompassing. The key point of our Recommendation is simple: the statutory auditor should not carry out a statutory audit if there are any financial, business, employment or other relationships between him and his client (including the provision of non audit services) that would compromise his independence. This is a powerful, all encompassing statement, applicable to all audit situations.
(ii) It covers the same issues. The Recommendation and the SEC proposed rule cover exactly the same issues of concern on auditor independence. In this respect both approaches require that auditors will be and, as importantly, are seen to be independent thereby enhancing trust in their audit opinion. The rules (safeguards) arrived at under the 2 approaches differ sometimes marginally but are equally effective. Moreover, it should be emphasised that there is no absolute and universal truth in determining in detail what would lead an auditor to be "non-independent". Even investors in the same company may have different views on this.
(iii) It is internationally acceptable. The Recommendation is also consistent with the IOSCO statement on auditor independence that recognises the principles based risk-safeguard approach of the IFAC code of ethics with which the EU Recommendation is fully in line. We note that the proposed rule applies less consistently the risk-safeguard model than either the current SEC rule or the European Commission Recommendation. As a consequence it will increase the number of marginal differences with the European Commission Recommendation but also with the IFAC (International Federation of Accountants) code of ethics, a step in the wrong direction from a transatlantic and global capital market perspective.
(iv) It is flexible enough to overcome conflicts of law and unnecessary burdens. One of the conclusions from the SEC International Roundtable on Auditor Independence of 17 December 2002 was that only (a properly enforced) principles based, risk-safeguard approach to auditor independence is able to overcome conflicts of law and to prevent unnecessary operational burdens, whilst ensuring auditor independence to investors and other stakeholders.
(v) It is being implemented in all our 15 Member States.
Virtually all Member States are making rapid progress with the implementation of the Commission Recommendation on auditor independence. Implementation is monitored by the EU Committee on Auditing and three years after adoption (2005) the European Commission will assess the implementation in practice of the Recommendation by Member States.
As a consequence of these points, we would like to see an exemption for all EU auditors from the proposed SEC rule on auditor independence.
* * *
Representatives of the European Commission and several Member States participated in the SEC International Roundtable on Auditor Independence on 17 December 2002 in Washington D.C. pointed out to SEC Commissioners the conflicts of law and demonstrated the equivalence of the principles based, risk-safeguard approach on auditor independence.
In conclusion, EU auditors performing audits in relation to EU companies with a dual listing in the US would be subject to super equivalent rules on auditor independence leading at best to duplication, confusion, and certainly unnecessary cost. As we share the same objective, address the same areas of concerns, and have ended up with similar rules (safeguards), it is only right for the SEC to recognise that EU auditors who are subject to a properly enforced auditor independence system in line with the European Commission Recommendation, are independent and should be fully exempted from an overlapping SEC rule on auditor independence.
Furthermore, the SEC may consider whether it is proportionate to apply detailed SEC rules on auditor independence to EU auditors. The average trading volume in securities of EU companies with a dual listing on the NYSE is on average no more than 2.5% of the trading volumes in their European home market. Is it really proportionate or politically reasonable with such low US trading volumes to expect EU auditors of EU companies to follow detailed US rules on auditor independence where equivalent approaches already exist?
* * *
We have noticed that the proposed rule contains a number of provisions going beyond the SOA or refers to issues that are not clearly mandated by the SOA. Some of them have potentially far reaching consequences, for example:
- Audit partner rotation: broader scope of application (SOA: the lead audit partner; proposed rule: all partners of the audit engagement team including any partner who participates in auditing any subsidiary or affiliate of the audit client);
- Time out after rotation ( SOA: 1 year; proposed rule: 5 years);
- Questions on forensic auditing to evaluate the work of the financial statement auditors an issue not included in the Act;
- Defining tax services so as to possibly prohibit certain tax services which were clearly not mandated in the SOA;
- Compensation of cross selling of non-audit services.
We understand that the SEC has to respect the very tight deadlines for final rulemaking set by the SOA. But the SEC may want carefully consider whether there is a justified need to introduce these additional issues into the proposed rules as they have far reaching impacts beyond the scope of SOA. Looking at the severe time constraints (30 day comment period; 2 weeks to take all comments into account), we repeat again that the importance of these rules requires proper due process which is not possible with these time constraints. By the same token we do not believe that a transition period, as suggested under I. of the proposed rule, could sufficiently remedy a due process which is too short. The European Commission is carefully crafting its financial services legislation proposals by using extensive up front consultation procedures with a minimum of 2 months for interested parties to respond, which we believe improves the quality of legislation. Consequently, we would suggest that any issue beyond and additional to the Sarbanes-Oxley Act should be included in separate SEC rules.
The following attachment contains specific areas of the proposed rule which gives rise to conflicts of law with the EU. It also shows the equivalence of the Commission's Recommendation. In conclusion, conflicts can only be resolved by recognising the EU Recommendation as equivalent to the proposed rule and therefore excluding EU auditors from overlapping US rules.
* * *
We trust that our comments will help the definition of further SEC rules to be in the best interest of US and also EU companies and auditors with transatlantic business links.
Yours sincerely
Signed
p.o. D. J. WRIGHT
for
Alexander SCHAUB
Director-General
Annex to Comments on
proposed rule on auditor independence, file no. S7-49-02
A. Conflict of interests from employment relationships
The introduction of a cooling-off period is an example where the SOA has actually created convergence with our Recommendation.
The Commission Recommendation, point B 3.4 requires the auditor to respect at least a cooling-off period of 2 years before the key audit partner (the partner responsible at group level for significant audit matters) takes up a key management position (any position with responsibility for fundamental management decisions which include influence over accounting policies and preparation of financial records) with the audit client. It was not considered necessary to include the requirement for cooling-off for other staff than key audit partners where they are not in a position to exercise significant influence on the audit opinion.
We note that the SEC proposed rule 210.2 2-01(c)(2) iii B, requires a shorter cooling-off period (1 year) and addresses a larger scope of persons (also professional employees of the audit firm) for a similar range of positions at the audit client (financial reporting oversight role).
The inclusion of employees in the proposed rule creates conflicts with the law or even the Constitution of some Member States where it is considered unlawful to restrict employee's employment opportunities with other employers. In those situations, the audit firm simply cannot prevent by way of a labour contract, an employee moving to the audit client and hence cannot enforce the cooling-off other than by resigning from the audit engagement which seems disproportionate. In general, partner agreements, as opposed to labour contracts governed by labour laws, provide more discretion and would allow the inclusion of cooling-off arrangements.
Conclusion
The proposed cooling-off rule is in substance equivalent with the safeguard of the European Commission Recommendation. However, the broader scope of application will create conflicts of law or will even conflict with the Constitution of some Member States.
B. Services outside the scope of the practice of auditors
General comments
This section of the proposed rule constitutes one of the biggest changes to the current rule. Consequent to SOA section 201 (a), the proposed rule includes a list of non-permissible additional services, on the basis of the 3 simple principles already included in the current rule: auditing your own work, perform management functions, act as advocate for the audit client,. The proposed rule has taken away the fundamentals of a risk-safeguard approach by no longer recognising that there may be adequate safeguards to mitigate risks to auditor independence.
A complete prohibition of additional services would undermine the principles-based approach of the Recommendation. However, as a starting point, the Recommendation does not allow the provision of any non-audit service to the audit client that compromises auditor independence. This means that provision of additional services to the audit client is only possible if the auditor documents the related risks and the application of adequate safeguards. According to the Recommendation, auditors cannot be independent if the provision of additional services would include participation in audit client decision-making on behalf of the audit client. Moreover, the Recommendation contains a number of horizontal safeguards on his independence such as a declaration in writing to the governance body of the audit client that none of the services provided compromised auditor independence as well as a detailed public disclosure of audit and non-audit fees.
The Recommendation contains descriptions of circumstances where "prohibition" is the only adequate safeguard. For example, the auditor should not provide valuation services (with a significant degree of subjectivity) where the amount has a material impact on the financial statements, participate in the preparation of accounting records and financial statements for listed companies or provide a short list of candidates for key financial and administrative posts in the case of public interest entities. In the following section we provide comments in more detail on some additional services.
1 Bookkeeping services
We agree with the SEC that the provision of bookkeeping services generally poses a self review threat to auditor independence. For this reason, the Commission Recommendation point B 7.2.1.3 prohibits the provision of any bookkeeping and financial preparation services provided by the auditor in case his audit client is a public interest entity (which includes listed companies). Consequently, there is full equivalence with the proposed rule.
However, our Recommendation allows the auditor to be involved in the preparation of financial statements in case of emergency situations. But only if he is the only person with resources and knowledge to timely prepare those statements. We note that the proposed rule suppresses similar emergency assistance in the preparation of financial statements by the auditor included in the current SEC rule 210.2-01 (c)(4)(i)(B). Due to the fact that this will occur only in exceptional cases, differences will not be significant in practice.
2 Financial information systems (FIS)
We agree with the SEC that design and implementation of Financial Information Systems generally poses a self review threat to auditor independence. This is why the Commission Recommendation point B 7.2.2 would not permit the provision of such services unless certain criteria have been met, such as: management of the audit client acknowledging in writing the responsibility for the overall system of internal controls and the auditor satisfying himself that the audit client management is not relying on the financial information system as the primary basis for determining the adequacy of internal controls and financial reporting systems. This approach is equivalent with the current SEC rule.
Unfortunately, the implementation of SOA section 201 (a) into the proposed rule 210.2-01(c) (4) (ii) creates divergence because the "unless" clauses that provided safeguards under which certain FIS services could be provided have been suppressed.
It is not clear to us how the first question of the proposed rule on Financial Information System services: testing of hard- and software that generates financial data used in financial statements, relates to the considerations expressed under the Financial Information System services or to the proposed rule. In any case, in our view testing hard- and software systems that generate the financial information disclosed in financial statements is a part of any statutory audit. In combination with specific client knowledge it may even be efficient for the auditor to perform such tests. As long as the audit client takes the decision on the basis of well documented cost-benefit assessments, the provision of such a service would generally not compromise the auditor's independence.
However, auditor independence may be compromised if the auditor has a significant financial interest or a significant business relationship with any of the potential systems suppliers.
3 Appraisal and valuation services (and contribution in kind)
We agree with the SEC that appraisal and valuation services generally pose a self review threat to auditor independence. Therefore, under the Recommendation (point B 7.2.3) the auditor cannot provide valuations that are material in relation to the financial statements and involve a high degree of subjectivity. If the auditor provides valuations, management should always be responsible for underlying assumptions and methodologies. This is nearly identical to the current SEC rule 210.2-01(c) (4) (iii) that allows certain appraisal and valuation services (such as a review) where the audit client provides primary support for the balances recorded in the financial statements, or actuarial services if the audit client takes responsibility for all significant assumptions of subjectivity.
The proposed rule no longer recognises that safeguards can exist that mitigate threats to auditor independence for certain valuation services and therefore creates divergence.
Contribution in kind reports
In accordance with the SOA, under the proposed rule the auditor is not deemed independent if he provides contribution in kind reports. All Members States of the European Union have in their national laws, on the basis of Articles 10 of the 2nd EU Company Law Directive (contribution in kind) and 3rd EU Company Law Directive (share ratio in case of mergers) provisions that require a statutory auditor to provide an independent expert report on valuations prepared by management or other valuation experts. This applies to more than one million limited liability companies in the EU. Because this is an assurance (US terminology: attestation) service, nearly all Member States allow the statutory auditor to provide these assurance services. The additional guidance to point B 7.2.3 of our Recommendation says on this specific issue:
Engagements to review or to issue an opinion on the valuation work performed by others (e.g. engagements under Articles 10 and 27 of the 2nd Company Law Directive (77/91/EEC), Articles 10 and 23 of the 3rd Company Law Directive (78/855/EEC), or under Article 8 of the 6th Company Law Directive (82/891/EEC)), or to collect and verify data to be used in a valuation performed by others (e.g., typical `due diligence' work in connection with the sale or purchase of a business), are not regarded as valuation services under this principle.
We therefore believe that the SEC proposed rule should be modified to allow the contribution in kind assurance services by a/the statutory auditor performing such services under EU company law. Alternatively, this could be allowed via SEC "no action letters" for EU audit firms.
The European Commission has communicated its concerns on the SEC prohibitive approach in letters of 4 September and 5 October 2000 to the SEC Chief Accountant. In those letters it was made clear that contribution in kind reports on the basis of EU company law are assurance services by an/the auditor because the valuation is the responsibility of management. By way of follow up, SEC staff from the Chief Accountant's Office has sent a detailed questionnaire and we will send a separate response to the questionnaire.
5 Internal audit outsourcing
In the consideration on internal audit outsourcing the proposed rule addresses the impact of a strict prohibitive approach upon SME companies which may no longer turn to their external auditor to provide (some) internal audit services and which may increase their cost. In our view this is an important issue and our Recommendation deals consistently with the impact of auditor independence safeguards on SME companies and small audit firms because the Recommendation is applicable to all statutory audits of more than 1 million limited liability companies in the EU not just 7.000 listed EU companies.
The Recommendation differentiates some safeguards on the basis of the public interest character of the audit client ("public interest entities"). In several instances, under the condition of appropriate safeguards, some additional services may be provided to non public interest entities but not to public interest entities, for example, bookkeeping and financial statement preparation services. The SEC may want to consider applying a similar approach with regard to subsidiaries or affiliates of issuers that are not material to the issuer's consolidated financial statements to limit negative consequences of a too rigid approach.
We do not really understand the relevance of the question: "are there safeguards that can be established by the auditor that would allow the audit client to outsource the internal audit function to the auditor without impairing his independence?" because any deviation seems to contradict section 201 (a) of the SOA. Or does this question point at the SEC's intention to use its regulatory discretionary powers to make this prohibition more proportionate? In any case our answer to the question would be yes, and we would draw your attention to point B 7.2.4 of the Recommendation:
7.2.4. Participation in the Audit Client's internal audit
1. Self-review threats may arise in certain circumstances where a Statutory Auditor, an Audit Firm or an entity within a Network provides internal audit services to an Audit Client.
2. To mitigate self-review threats when involved in an Audit Client's internal audit task, the Statutory Auditor should:
(a) satisfy himself that the Audit Client's management or Governance Body is at all times responsible for:
(i) the overall system of internal control (i.e., the establishment and maintenance of internal controls, including the day to day controls and processes in relation to the authorisation, execution and recording of accounting transactions);
(ii) determining the scope, risk and frequency of the internal audit procedures to be performed; and
(iii) considering and acting on the findings and recommendations provided by internal audit or during the course of a Statutory Audit.
If the Statutory Auditor is not satisfied that this is the case, neither he, nor the Audit Firm nor any entity within its Network should participate in the Audit Client's internal audit.
(b) not accept the outcomes of internal auditing processes for statutory audit purposes without adequate review. This will include a subsequent reassessment of the relevant statutory audit work by an Audit Partner who is involved neither in the Statutory Audit nor in the internal audit engagement.
9 Legal services
We fully support the basic principle that an auditor cannot serve in an advocacy role for the audit client. However, not all "legal services" include an element of advocacy. There are also situations where proper safeguards can be put in place to reduce or mitigate the advocacy risk.
The questions raised by the SEC demonstrate that, for historical and cultural reasons, other countries may have an understanding of the role of legal advice which differs from that in the US. Hence, the question as to whether the provision of legal services to or acting in an advocacy role for an audit client impairs an auditor's independence can only be assessed by examining the legal framework within which that auditor operates or legal advice is provided. From a European point of view, the provision of legal advice does not a priori impair the independence of the statutory auditor to the extent that the auditor does not audit his or her own work nor assumes management functions.
There is no definition at global level as to what is and what is not a legal service. The SEC proposed rule prohibits the provision of legal services that under the jurisdiction in which the service is provided, are "reserved" for lawyers. Although we welcome this as a solution for certain legal services, it will create differences and/or may even create auditor independence problems. In jurisdictions with a limited range of services "reserved" for lawyers, a minimalist legal interpretation (everything which is not forbidden is allowed) could imply that the auditor provides legal services even if they would cause a serious advocacy threat. Again, this demonstrates the downside of the US rule based approach because under the principles based, risk-safeguard, approach of the European Commission Recommendation, even in cases where legal services would not be reserved for lawyers, the auditor is obliged to assess all threats to his independence from the provision of such services and must conclude that in case of significant advocacy threat that cannot be mitigated he cannot provide that service.
11 Tax services
One could (and under our risk-safeguard approach should!) consider whether some forms of (aggressive) tax planning create a significant self review threat to auditor independence so that the only appropriate safeguard would be not to perform such services. However, we cannot understand why the SEC proposed rule is raising questions on tax services that go beyond the SOA mandate and the legislative intent of the US Congress that specifically allow (all) tax services without any exemption. Such issues go beyond the Act and should be included in a more proper due process.
The tax questions raised by the SEC illustrate in our view the down side of the US "bright line" prohibitive approach to auditor independence: "everything which is not forbidden is therefore allowed". What may be bright and clear on the allowed side of the line, may still raise independence concerns. In our principles based, risk-safeguard approach, the auditor should consider the whole continuum of threats from relationships and additional services to his independence document and assess these, discuss them with the governance body and declare that they did not impair independence.
Overall conclusion on non audit services
Properly applied, the European Commission Recommendation fully ensures auditor independence equivalent to the SEC proposed rule.
C. Partner rotation
This is an example of an issue that was already covered in our Recommendation (point 10 (2) (a)) but is not addressed in the current SEC rule. Trust or familiarity threats due to acting for a long period for the same audit client should be mitigated by the safeguard of key audit partner rotation. Whereas our Recommendation refers to the trust and familiarity threat as the conceptual basis, the conceptual basis for the SEC proposed rule on audit partner rotation cannot be derived from the three simple principles referred to by the rule and Congress: auditing your own work, perform management functions, act as advocate for the audit client.
The rotation requirement of our Recommendation point10 (2) (a) is being implemented into Member States law and national professional codes of ethics. Any divergence between our Recommendation and the proposed rule would therefore create a conflict with Member States' laws or professional regulations.
In our view there are 2 aspects of divergence: time and scope.
The time difference for rotation is marginal and seems hardly worth discussing because there is no absolute truth on what determines non-independence: 5 years or 7 years rotation?, perhaps it should be 5.36254 years? However, the "time-out" after rotation proposed by the SEC is 5 years where section 203 requires only 1 year. Our Recommendation requires 2 years "time-out" which was in line with the SECPS (SEC Practice Section of the American Institute of Certified Public Accountants) rotation requirement.
In addition the scope of the SEC proposed rule goes beyond the requirements of the Sarbanes-Oxley Act. Section 203 refers to the lead audit partner or the review partner of the issuer providing audit services. We do not see the reason for the SEC to broaden the scope beyond the intention of the Act by including an engagement team partner performing not only audit but also review or attest services, not only on the issuer but additionally for any subsidiary. In our view this extension of the scope beyond the key audit partner responsible for the group audit has far reaching practical consequences because it requires rotation of auditors of subsidiaries in other jurisdictions of auditors who are not responsible for the group audit. It is not clear to us what risks are actually mitigated by the SEC proposed increase in scope.
One of the essential underlying notions of our Recommendation is that independence requirements should be applied to persons that are in a position to influence the outcome of the audit. From this it is logical to conclude that the rotation requirement should be applied to key audit partners only and should additionally be considered for those other engagement team members that are in a position to influence the outcome of the issuer's financial statements.
The SEC proposed extension of time-out and scope will further aggravate the adverse impact of the rotation requirement on small audit firms that audit, for example, private issuers. Small audit firms may not be able to meet the SOA rotation requirements and even less the SEC extended rotation requirement. Finally, the extension of scope may lead to a squeeze out of small audit firms in a situation where market concentration is a concern. Our Recommendation consistently refers to the impact on SME companies and under point B 10.3 small audit firms and small firms are offered more tailored alternatives for key audit partner rotation. The SEC may want to take the European Commission Recommendation approach into account, particularly with regard to those subsidiaries of an issuer that are not material to the issuer's financial statements.
Forensic audits
We consider the idea of introducing "forensic audits" to periodically evaluate the work of other auditors a "test balloon" which should not have been included in a proposed rule on auditor independence intended to implement the SOA provisions. The justification of the proposed rule gives several arguments for the "forensic" audit: as a proxy for auditor rotation, as a way to improve the detection of fraud during the statutory (financial statement) audit, and as a way of potentially improving the functioning of the audit committee. This issue would deserve more reflections on the intended benefits compared to the additional cost and increased complexity in responsibility for the audit. As a first reaction the terminology "forensic" seems unfortunate as it normally relates to fraud detection work. The arguments mentioned in the proposed rule have very little to do with auditor independence and it seems more efficient to resolve the concerns expressed by auditing standards dealing with detection of fraud, or proper quality reviews.
Conclusions:
- The time differences for rotation between the proposed rule and our Recommendation are arbitrary and should not, of themselves lead to conflict;
- Time differences in relation to the time-out period (EU 2 years, US 5 years). We would propose the SEC to consider 2 years also to overcome unnecessary negative consequences on the (im)possibility for small audit firms to audit SEC registrants, or subsidiaries and affiliates of SEC registrants;
- The scope of Section 203 concerning the lead partner is in line with our Recommendation point 10 (2) (a) that refers to the key audit partner (responsible at group level) being subject to rotation. The SEC "demarche" will create practical difficulties and more divergence with our Recommendation for no obvious reasons. We therefore strongly suggest the SEC to retain the concept of lead partner as mentioned in the SOA which we believe is identical to the concept of key audit partner in our Recommendation.
Overall, the slightly different time differences for rotation and scope between the SOA and our Recommendation provide a broadly equivalent level of protection of auditor independence.
D. Audit committee administration of the engagement
General comments
Audit committee pre-approval is an example of where federal securities legislation enters into the domain of corporate governance by adding an additional layer of legal requirements. Whilst this may be relatively easy in a US environment with often limited legal governance requirements in individual States, this is definitely not the case in the EU. Corporate governance in the EU has a strong legal underpinning at Member State level and also in EU legislation with much more far reaching requirements on accounting, financial reporting, certification, auditing and supervision than is common under State law in the US.
Moreover, Member State company law has been developed over a long time in specific jurisdictions. Conflicts of EU and Member States' law with corporate governance elements of US federal securities law will arise as a matter of principle. To mention a few:
- there is no general EU or Member State legal requirement to have an audit committee, let alone rules on its functioning;
- collective board and hence audit committee responsibility
- obligatory employee representation in several Member States
This makes it almost impossible for EU companies to comply with the audit committee pre-approval requirements on permissible non-audit services of the SOA. This is true for US listed EU companies as well as for private issuers from the EU.
Having said that, our Recommendation does recognise the importance of involvement of the audit client's "governance body" to ensure auditor independence. Auditor independence is too important to be left solely to the auditor!
Against a background of deeply rooted legal differences (not objectives!) our Recommendation refers to the involvement of the "governance body" in point 4.1.2. The "governance body" can be the supervisory board, the independent directors, or an audit committee.
Our Recommendation requires at least that on an annual basis and always before the acceptance or renewal of the audit engagement, the auditor discloses in writing audit fees and non audit fees. The auditor must also confirm in writing to the governance body that nothing has compromised his independence. Moreover, the auditor should seek to discuss these matters with the governance body. We believe that this involvement is an important and sufficient general safeguard to ensure auditor independence.
Conclusion:
- Detailed audit committee requirements will almost certainly conflict with EU- and Member State company law and capital market legislation.
- Our Recommendation requires up front involvement of the "governance body" of the audit client and a written declaration by the auditor of compliance with independence requirements.
The SEC may want to consider that our Recommendation which requires involvement of the governance body, is equivalent to the pre-approval by audit committees and should provide tailor-made relief on audit committee requirements for companies established in jurisdictions with proper corporate governance requirements.
F. Definitions
We noticed that the proposed rule changed the definition of "accountant" to include the "registered public accounting firm". Title 17 Chapter II of the Code of Federal Regulations § 240.10A-2 Auditor independence is proposed to be amended: ".. it shall be unlawful for an auditor not to be independent under §210.2-01 .... " We would like to know what the reason is for using different terminology.
The proposed rule varies in its application to issuers, audit clients, and other entities. We would recommend that the SEC revisits the use of these terms throughout the proposed rule as a general matter. We noticed that in some instances the reach of certain aspects of the proposed rule may be greater than intended. For example, although the SOA's "cooling-off period" provision applies to employees of "issuers," the proposed rule's comparable provision would apply to the much broader (and less certain) category of employees of "audit clients." The definition of "audit client" under the current SEC rule is exceptionally broad and unclear as to its reach. The term is defined to include "any affiliates of the audit client."
The breadth of this definition has important implications for several aspects of the proposed rules, and in these instances the term "audit client" should be replaced by the term "issuer," both to remain faithful to the intent of SOA, and to avoid the problems associated with the overly-broad definition of "audit client." In our view, the scope of entities from which the auditor has to be independent is better defined in the EU Recommendation, where the independence requirement relates to all entities included by in the consolidated financial statements of the issuer.
H. Expanded disclosure
General comments
We agree with the SEC that an auditor should be able to demonstrate that his independence has not been compromised by providing non-audit services to an audit client. Public disclosure of audit and non-audit fee is an instrument to indicate potential threats to auditor independence. This is why in point A 5 the Commission Recommendation requires a public disclosure of the fees for (1) audit, (2) other assurance services, (3) tax advisory services and (4) other non-audit services, with a more detailed breakdown of non audit services.
The proposed rule moves in the direction of our Recommendation and is to be welcomed. Registrants will be required to disclose fees for each of the two most recent fiscal years for the following categories of professional fees paid: (1) Audit fees, (2) Audit related fees, (3) Tax fees, and (4) All other fees.
In our view the new category "audit related fees" is not really clear and difficult to distinguish from audit fees. For example, under the category "audit fees", attest and review services not related to the statutory audit should be disclosed and the category "audit related fees" would comprise internal control reviews which are normally an important part of a statutory audit.
Conclusion
We believe that the categories of disclosure defined by the European Commission Recommendation are more meaningful and less confusing. Therefore, we suggest the SEC to consider the same categories for disclosure: (1) audit, (2) other assurance services, (3) tax advisory services and (4) other non-audit services with a more detailed breakdown of non audit services.
In any case we believe that audit and non audit fee disclosure by EU companies under the Recommendation is fully equivalent to the proposed rule and would not require further separate disclosure.
|