|
January 10, 2003 Mr. Jonathan G. Katz
Dear Mr. Katz STRENGTHENING THE COMMISSION'S REQUIREMENTS REGARDING AUDITOR INDEPENDENCE: FILE S7-49-02 We are writing to comment on your proposed rules issued and explained under the above title, and published in the U.S. Federal Register on December 13, 2002. The International Federation of Accountants (IFAC) is the worldwide organization for the accountancy profession. Founded in 1977, its mission is to develop and enhance the profession, with high quality global standards, to enable it to provide services of consistently high quality in the public interest. IFAC is comprised of more than 150 professional accounting bodies from every part of the globe, representing more than 2.5 million accountants in public practice, education, the public sector, industry, and commerce. No other accountancy body in the world and few other professional organizations have the broad-based international support that characterizes IFAC. IFAC has long recognized the need for a globally harmonized framework to meet the increasing international demands that are placed on the accountancy profession. Major components of this framework are International Standards on Auditing (ISAs) developed by the International Auditing and Assurance Standards Board (IAASB) and the IFAC Code of Ethics for Professional Accountants (the IFAC Code). The IFAC Code, developed by IFAC's Ethics Committee, (Ethics Committee) serves as the foundation for all codes of ethics developed and enforced by IFAC member bodies. The IFAC Code establishes the international standard on which national standards should be based and no IFAC member body or firm is allowed to apply less stringent standards than those stated in the section unless prohibited by law or regulation. In December 2001, IFAC issued a revision to the section of the Code of Ethics addressing independence requirements for assurance engagements (Section 8). Under separate cover we are sending you a copy of the Code. It may be download free-of-charge from our web site at www.ifac.org. The Principles based approach to Ethics The IFAC Code adopts a principles-based approach, establishing the principles of independence and providing a conceptual framework for applying those principles. IFAC Ethics Committee is of the opinion that a rules based approach to Ethics cannot provide for all circumstances and leads to unquestioning obedience to the letter of a rule while setting definitive lines in legislation that some will try to circumnavigate. The Ethics Committee strongly believes that a high quality principles based approach to independence will best serve the public interest by eliciting thoughtful auditor assessment of the particular circumstances of each engagement. It is recognized that related guidance and explanatory material needs to be sufficiently comprehensive and complete to drive auditor behavior and eliminate differences in practice. The IFAC Ethics Committee has currently issued over 100 paragraphs of interpretive guidance discussing specific circumstances and relationships that may create threats to independence. These illustrative applications of the principles to specific situations include guidance addressing financial interests, employment with assurance clients, long association with assurance clients and the provision of non-assurance services to assurance clients. The framework recognizes that circumstances may exist which pose a threat to the proper application of the principles in particular circumstances. Accountants are required to identify such threats, evaluate their significance and, unless the threats are clearly insignificant, apply safeguards where possible, eliminate the circumstances creating the threat, or refuse to accept or continue the assurance engagement. In certain circumstances no safeguards can reduce the threat to an acceptable level. Accordingly, activities or relationships creating such threat are prohibited. Examples of such prohibitions are noted in the relevant sections of the attachment to this letter. The section has been very well received worldwide, and is generally seen as leading the debate on, and approach to, independence issues. The recently issued EU Recommendation on `Statutory auditors' independence in the EU' has adopted a broadly similar conceptual framework approach. IFAC member bodies in several countries, including Australia, New Zealand, Hong Kong, Singapore, and Canada are in the process of adopting the provisions and others, including those in the UK, US, Japan, Switzerland, South Africa, Cyprus and Kenya have begun the process of reviewing their national codes with the intention of minimizing or eliminating any differences with the international standard. The Ethics Committee is of the opinion that there is overwhelming international support for the principles based approach and that this approach assists with convergence of standards on a worldwide level. Rotation of Auditors Your proposed revised rule will extend rotation requirements to cover all partners in the whole engagement team, including those in remote subsidiaries. We believe that such an extension is both unnecessary and possibly impractical. We also believe that the requirement to rotate all partners over five years may threaten audit quality as there will be little time for incoming partners to acquire sufficient in depth knowledge of clients' businesses. This may be a particular concern in countries where there may be few partners with a sufficient understanding of the particular industry involved, US GAAP or SEC rules. A blanket requirement for rotation may also squeeze out medium-sized audit firms from the public entity arena at a time when we desperately need them. It may also reduce the number of large or medium-sized firms that operate in smaller markets. This likely reduction in the number of auditing firms is not healthy. We believe your proposed solutions will reduce audit quality and put unnecessary obstacles in the way of.others who may wish to enter the market. We believe the real security to protect the public interest is to require second partner review at each stage in the audit and implement an effective internal control system within each audit firm covering engagement acceptance, risk management and quality control. The IAASB is currently developing proposed audit guidance in this area and is expecting to issue this for public comment within a few months. Provision of tax services by auditors We believe that tax services, including compliance, planning, provision of formal taxation opinions and assistance in the resolution of tax disputes do not generally create threats to independence. The process of auditing a tax provision included in financial statements is an iterative exercise that involves interaction of auditor and management throughout the engagement. The auditor has a responsibility to determine that management has not made choices that contravene tax law and might result in a material adjustment to the tax provision. However to suggest that the auditor should only look for situations when management have understated a tax liability is unrealistic. The auditor will also be watchful for areas where the tax liability is overstated. It would not be in the interests of shareholders or the general public if this careful use of professional knowledge held by the auditor was to be construed as providing tax advice. The role of the auditor in tax planning is to provide factual information about the application of tax law and regulation to specific business circumstances and set out various alternatives courses of action that management may select. As with other services the auditor is required by the Code to act objectively and with integrity. It is management's responsibility to choose the course of action to be followed. Territoriality issues The general application of the Act to all companies having registered equity or debt securities with the SEC and to all accounting firms that furnish audit reports with respect to issuers on US markets has an impact on national sovereignty. If no exemption or consideration is provided for companies and firms in other countries that already have a legal or regulatory framework to deal with these same issues the proposals will create conflict with the laws of those countries and unnecessary duplication of compliance with multiple regulatory approaches designed to achieve the same safeguarding objectives. Since so many jurisdictions are adopting the IFAC Code of Ethics, we suggest that an undertaking that the foreign audit firms are complying with this Code should meet your needs. Detailed points In this cover letter we have highlighted several key issues. In the attached Appendix we reiterate these comments as well as providing our opinion on other aspects of your proposed rule changes. We have only offered comments on those issues currently addressed by the IFAC Code. Conclusion We believe that the Code is more rigorous and exacting than a simple list of prohibited services. It is so because the auditor is required to determine what threats exist, what safeguards can be identified and applied and to determine whether a reasonable and knowledge individual in possession of all relevant facts would conclude that such safeguards are sufficient to protect independence. If the conclusion is negative the auditor must eliminate the threat by declining the service or withdrawing from the audit. While it is too early to provide empirical evidence of the success of our Code we feel confident that time will show that audit firms around the world are already giving much greater consideration to threats and safeguards to independence. When coupled with an effective quality assurance process, we believe that the interests of shareholders, investors and the general public will be well protected. We applaud and support your efforts to restore public confidence in the financial markets. We believe that reasoned and reasonable changes in auditor independence requirements are necessary at this time. IFAC and its Ethics Committee are available at any time to meet with you and work towards strong, workable and enforceable independence standards on a global basis. If you require any clarification of the matters contained in this response, please feel free to contact me.
COMMENTARY ON SOME OF THE DETAILED PROPOSALS To be read in conjunction with the covering letter from IFAC dated January 10, 2003. Conflicts of interest resulting from employment relationships We note that you propose that the employment of audit engagement team members of an accounting firm in a financial reporting oversight role at an audit client within one year prior to the commencement of procedures for the current audit engagement would cause the accounting firm not to be independent with respect to that client. The IFAC Code recognizes that the independence of a firm or a member of an assurance team may be threatened if a director, an officer or an employee of the assurance client in a position to exert direct and significant influence over the subject matter of the assurance engagement has been a member of the assurance team or partner of the firm. However, when revising the section of the Code addressing independence for assurance engagements, we concluded that rather than imposing a specific cooling off period, it would be more appropriate in the context of the principles based, threats and safeguards approach adopted by the Code to:
The guidance in the Code includes both mandatory safeguards (without which the threat cannot be reduced to an acceptable level) and examples of other safeguards which might be appropriate in particular circumstances. You ask: "Is the term audit engagement team sufficiently clear?" In developing its Code, the Ethics Committee found the phrase audit or assurance team to be imprecise. Accordingly the definitions in the Code specify the assurance team as:
(a) All professionals participating in the assurance engagement; (b) All others within a firm who can directly influence the outcome of the assurance engagement, including: (c) For the purposes of an audit client, all those within a network firm who can directly influence the outcome of the audit engagement. You ask: "whether the appropriate officers at the company are covered by the proposal". We strongly support your definition of Financial Reporting Oversight Role (those who can exercise influence). We believe that by adopting such a principles-based definition rather than a detailed list, you will achieve coverage of all appropriate officers in all circumstances. To the extent you decide to impose a cooling-off period, we would suggest you only cover the situations mandated by the Sarbanes-Oxley Act. Non Audit Services - General You ask: "whether there are other non-audit services (in addition to those listed in the proposed rules) that raise independence concerns." We believe it is unnecessary to further extend the list of non audit services that are prohibited to audit clients regardless of circumstances. In your discussion and analysis of the proposed rule changes, you state that the intention of the Sarbanes Oxley Act was to implement three basic principles which are that an auditor cannot (1) audit his or her own work, (2) perform management functions, or (3) act as an advocate for the client. You state that to do so would impair the auditor's independence. We agree with these principles, and we believe that if you were to include these three principles in the final release, it would remove a need for further adding to the list of prohibited non audit services. Non Audit Services - Bookkeeping or Other Services Related to the Audit Client's Accounting Records or Financial Statements of the Audit Client The IFAC Code prohibits the provision of accounting and bookkeeping services, including payroll services and the preparation of financial statements or financial information which forms the basis of the financial statements on which the audit report is provided for audit clients that are listed entities (8.168). We do see the need for reasonable exemptions when emergency situations arise (8.170). We believe it would be pragmatic to continue the Commission's longstanding exemption in this regard. However, as set out in the Code, it is our opinion that the provision of accounting and bookkeeping services of a routine or mechanical nature to divisions or subsidiaries of listed audit clients would not be seen as impairing independence with respect to the audit client provided that the following conditions are met:
We note that you have proposed removing the existing exemption allowing the provision of such services for foreign divisions or subsidiaries of audit clients under specified conditions. We believe that it is important that this exemption remain. Rules designed for one legal and cultural environment cannot necessarily be successfully applied in other legal or cultural environments. In addition, although we note that you refer to the reasonable likelihood that the results of the services would be subject to audit procedures, we would suggest that you consider as a minimum reinstating the exemption for services provided to immaterial foreign divisions of audit clients. Non Audit Services - Financial Information Systems Design and Implementation The IFAC Code currently permits the provision of such services to audit clients where specified safeguards are in place. These safeguards are designed to ensure that the audit client accepts all responsibility for:
Such safeguards should ensure that auditors do not participate in management decision making or perform management functions and thus will not be in a position of reviewing their own decisions. However, we are currently reviewing this guidance and will be seeking input from our member bodies, accounting firms, and other interested parties. In answer to your specific question: "Is an auditor's independence impaired when the auditor helps select or test computer software and hardware systems that generate financial data used in or underlying the financial statements? Why or why not?" We believe that the answer will depend on the specific circumstances and the safeguards adopted. If an auditor is testing software packages and reporting the results of those tests to management, without recommendation, and management makes its own decision, then we believe that independence is not impaired. If auditors are selecting packages or making recommendations to management then they may be assuming management functions in which case we believe that independence could be impaired. Non Audit Services - Appraisal or Valuation Services, Fairness Opinions, or Contribution-in-Kind Reports The IFAC Code prohibits the performance of valuation services for audit clients which involve the valuation of matters material to the financial statements and where the valuation involves a significant degree of subjectivity (8.173). We believe that such valuation services give rise to self review threats which cannot be reduced to an acceptable level by any safeguard. This is consistent with your proposed revised rule. However, we believe that while the performance of valuation services for audit clients that are neither separately nor in aggregate material to the financial statements or that do not involve a significant degree of subjectivity may create self review threats, these threats could be reduced to an acceptable level by the application of safeguards. We note that you have observed that contribution-in-kind reports sometimes required by law in the EU could be affected by your proposals. A recently issued Interpretation published by the Ethics Committee states that such independent expert reports do not give rise to a self interest threat as the valuation of the non-cash contribution is the responsibility of the management of the company. The independent expert is responsible for the expression of an opinion on the reasonableness of the valuation performed and on whether the value of the non-cash consideration received is not less than the value of the shares to be issued. In fact, the independent expert is fulfilling an attest function quite similar to that performed in an audit of financial statements. There is no involvement in management decisions and there is no review of own work as the valuation was not performed by the independent expert. Non Audit Services - Internal Audit Outsourcing The IFAC Code considers situations where:
Where the auditor is providing assistance, or undertaking the outsourcing of some of the activities, the Code provides that any self-review threat created may be reduced to an acceptable level by ensuring that there is a clear separation between the management and control of the internal audit by audit client management and the internal audit activities themselves. Where the auditor is performing a significant portion of the internal audit activities, the Code provides that the auditor should consider the threats and proceed with caution before taking on such activities. Appropriate safeguards should be put in place and the firm, or network firm, should, in particular, ensure that the audit client acknowledges its responsibilities for establishing, maintaining and monitoring the system of internal controls. You ask: "whether an exception to your proposed rule should be provided for small businesses." The Code provides that there are safeguards which can be applied and that the provision of internal audit services to audit clients, large or small, need not necessarily impair independence. We would encourage an exception to the rule for small businesses. Smaller entities may not need full-time internal auditors but may need some services that internal auditors provide and which they can obtain from their external auditors. Absent turning to their external auditors this work might not get done at all or only at significant cost because the company would have to engage and brief a separate accounting firm. You ask: "are there safeguards that can be established by the auditor that would allow the audit client to outsource the internal audit function to the auditor without impairing its independence". The Code provides that it is possible to establish such safeguards. Key to the auditor is an agreement with management that the findings and recommendations resulting from the internal audit activities are reported appropriately to the audit committee or supervisory body (8.182). Management itself can and should institute its own controls including having the audit committee or supervisory body approve the scope, risk and frequency of the internal audit work to be performed by the external auditor. Wherever possible accounting firms should be expected to set up their operations so that such non-assurance services are provided only be personnel not involved in the audit engagement and with different reporting lines within the accounting firm. Non Audit Services - Management Functions We strongly agree that auditors should not be involved in management decision making functions. We suggest that you consider including some examples of management decision making functions. The IFAC Code (8.156) includes the following examples:
Non Audit Services - Broker-Dealer, Investment Adviser Or Investment Banking Services The IFAC Code prohibits the provision of the following services for audit clients:
Non Audit Services - Legal Services and expert services The IFAC Code prohibits an auditor from performing a litigation support role involving the making of managerial decisions on behalf of an audit client. It also prohibits acting for an audit client in the resolution of a dispute or litigation in such circumstances when the amounts involved are material in relation to the financial statements of the audit client (8.197). We believe that the key issue here is what we term `advocacy threat'. The Code provides that there is a distinction between advocacy and advice, and that legal services to support an audit client in the execution of a transaction (e.g., contract support, legal advice, legal due diligence and restructuring) need not generally impair independence. Such services may create self-review threats; however, safeguards may be available to reduce these threats to an acceptable level. Non Audit Services -Expert services The IFAC Code prohibits an auditor from performing expert services involving the making of managerial decisions on behalf of an audit client. The Code recognizes that other expert services (for example such activities as acting as an expert witness, calculating estimated damages or other amounts that might become receivable or payable as the result of litigation or other legal dispute, and assistance with document management and retrieval in relation to a dispute or litigation) may give rise to self review threats when the services provided include the estimation of the possible outcome and thereby affect the amounts or disclosures to be reflected in the financial statements. However, the Code recognizes that is possible in these cases to establish safeguards to either eliminate the threats or reduce them to an acceptable level. Tax Services You ask: "whether there are tax services that should be prohibited and whether it is meaningful to categorize tax services into permitted and disallowed activities." We believe that tax services, including compliance, planning, provision of formal taxation opinions and assistance in the resolution of tax disputes do not generally create threats to independence. The process of auditing a tax provision included in financial statements is an iterative exercise that involves interaction of auditor and management throughout the engagement. The auditor has a responsibility to determine that management has not made choices that contravene tax law and might result in a material adjustment to the tax provision. However to suggest that the auditor should only look for situations when management have understated a tax liability is unrealistic. The auditor will also be watchful for areas where the tax liability is overstated. It would not be in the interests of shareholders or the general public if this careful use of professional knowledge held by the auditor was to be construed as providing tax advice. The auditor has a responsibility under the Code to ensure that all tax services are performed in an objective manner and that the auditor acts with integrity. The Code requires careful consideration in each situation but in our view, the key issues are to ensure that in providing tax services auditors do not:
We believe this is better achieved through the adoption of a safeguards approach rather than through unconditional prohibition. Further, we believe that the proposed rule may result in businesses no longer being able to use their auditors for tax advice of any kind which may have implications for the range of services offered by accountancy firms and, by extension, to the quality of audits provided. Similar to the concerns expressed elsewhere in this paper regarding internal audit outsourcing, smaller companies may be particularly affected because they may not have the need for full-time tax specialists on staff and if they are not able to seek advice from their external auditor the work may not be done at all or only at significantly greater cost. Partner rotation The IFAC Code recognizes that using the same lead engagement partner on an audit over a prolonged period may create a familiarity threat. Consequently, for audits of listed entities, the Code requires the rotation of the lead engagement partner after a pre-defined period, normally no more than seven years (8.151). We believe that by limiting the rotation requirement to lead engagement partners, the requirement covers all those partners where there can be a significant threat from familiarity, but does not unnecessarily bring in others, where alternative safeguards can be applied. Your proposed revised rule will extend rotation requirements to cover all partners in the whole engagement team, including those in remote subsidiaries. We believe that such an extension is both unnecessary and possibly impractical. We also believe that the requirement to rotate all partners over five years may threaten audit quality as there will be little time for incoming partners to acquire sufficient in depth knowledge of clients' businesses. This may be a particular concern in countries where there may be few partners with a sufficient understanding of the particular industry involved, US GAAP or SEC rules. You ask: "should the rotation requirements be different for small firms?" While all audit partners should be expected to maintain competency in current audit standards, in small firms there may be few partners with the in-depth knowledge of the additional issues relevant to public entities. Accordingly, a mandatory requirement for rotation may result either in audits being performed by less qualified partners, or entities being required to seek new larger firms to act as their auditors. We see both of these options as undesirable from a public interest perspective. We would encourage the provisions of less stringent rotation requirements - perhaps accompanied by alternative safeguards such as mandatory reviews by another professional not directly involved in the audit team and independent quality reviews. We have commented on this issue in our covering letter. We do not believe it s necessary to extend compulsory rotation beyond partner level. The Code indicates that it would be preferable to require the establishment of alternative safeguards, for example:
***** |