This past year, the Securities and Exchange Commission (SEC) and Public Company Accounting Oversight Board (PCAOB) settled several enforcement actions against audit firms and in some cases, firm personnel, citing noncompliance with auditor independence requirements. Between September 2018 and October 2019, the SEC settled five (5) cases and the PCAOB settled seven (7) cases. What happened and what can we learn from these matters? This article explores the answers to several questions based on the published settlement agreements.
What size firms were involved? Regulators settled five (5) cases with Big 4 firms (in four (4) of the five (5) cases, the settlement involved a non-US member of the firm’s network). Five (5) cases involved other firms in the top twenty (20) accounting firms (based on net revenue, according to Accounting Today’s 2019 survey), with two (2) of those settlements related to firms in the same network. The two (2) remaining cases involved smaller firms (still within the top 100, according to the Accounting Today survey).
Which independence issues did regulators cite in the settlement orders?
Independence issues varied, relating to:
- Financial relationships, e.g. bank or brokerage accounts, loans and credit cards
- Nonaudit services, specifically, bookkeeping, valuations, information system design and implementation, corporate secretarial, payment facilitation, payroll outsourcing, loaned staff, internal audit outsourcing and investment advisory services
- Business relationships and client advocacy
- Board association
- Partner rotation
- Communications with the audit committee
- Audit committee pre-approval of internal control-related services
To what extent were persons associated with the firms disciplined for violating independence? In all cases, the regulator penalized the firm for the violation(s). However, five (5) settlements also included censures, penalties and other sanctions against individuals in the firm. In three (3) of those cases, the firm’s independence leader was sanctioned and in one (1) instance, the firm’s CEO failed to personally comply with independence requirements.
What did the firms and these persons do or fail to do? In addition to failing to comply with the rules, in one matter, a partner mischaracterized prohibited nonaudit services as audit services, bypassing his firm’s internal review system. Some failed to discuss known independence matters with the audit committee. And, some firms failed to appropriately remedy violations they knew about, causing violations to recur or continue for an extended period. Some violations went undetected for more than a year, leading the regulator to conclude that quality control over independence compliance was deficient. In addition:
- One firm misplaced its personnel’s annual independence affirmations. When notified of their upcoming PCAOB inspection, personnel were directed to recreate and backdate the forms, but the firm’s independence leader failed to disclose that fact to the inspection team.
- Violations related to client advocacy and nonaudit services applied to numerous audit clients of those firms. In one case, the firm provided prohibited nonaudit services to the affiliates of its audit clients (not the client itself). In another, the firm publicly endorsed audit clients participating in a firm-sponsored event. One firm provided prohibited bookkeeping and related services to several clients because it erroneously applied AICPA, not SEC, independence rules in performing “custody rule” audits under Rule 2-06(4)-2 of the Investment Advisers Act.
- An individual at a member of the firm’s network prepared valuation reports for an audit client that the firm relied on in performing the client’s audits. That individual publicly took responsibility for the valuations, which appeared in press releases creating what the SEC described as a mutuality of interests between the firm and the client.
- One firm’s partner served more than five (5) years as lead or concurring partner on an audit, exceeding the maximum allowable period in those roles.
Did the matters cite violations of other ethics rules? In one case, the partner held responsible for violating independence was also found to have lacked integrity because he shared confidential information about the client with a third party without the client’s consent. Another case cited several audit deficiencies stemming from (among other things) a lack of due care and skepticism in performing the audit.
How were the violations discovered? The settlement orders do not consistently indicate how violations were discovered although four (4) orders stated that violations were identified during firms’ inspections by the PCAOB.
In how many cases did the SEC or PCAOB find deficiencies in the firms’ quality control over independence? In 75 percent of these cases, the SEC or PCAOB concluded that the firm’s system of quality controls over independence did not provide reasonable assurance that the firm and its covered persons were complying with independence requirements. Sometimes, these deficiencies were characterized as systemic, requiring significant follow-up by the firm.
For example, some firms were required to retain an independent consultant to review the firm’s quality control over independence and recommend changes. In one case, the firm was required to increase the staffing in its independence office and in another, consider the sufficiency of its resources devoted to independence compliance. Another cited a lack of proper independence controls over the client acceptance process because prior to accepting an audit client, the firm had no mechanism other than the independence inquiry email to ascertain whether prohibited business relationship existed, e.g. the firm had no database or other system that captured all vendors, subcontractors or other entities that do business with the firm. Thus, the SEC concluded that the firm lacked sufficient policies or procedures to prevent an independence violation.
What sanctions were imposed in connection with these settlement agreements? The range of sanctions included:
- Censures on firms and personnel held responsible for causing the violation(s).
- Civil money penalties on firms ranging from $15K to $3.5M, with one firm also agreeing to disgorge fees and pre-judgment interest of over $4M.
- Civil money penalties on individuals charged with violating independence ranging from $10K to $25K.
- Directives to establish or enhance policies and procedures or hire an outside consultant to conduct a review of the firm’s quality control over independence (generally, focusing on a specific area such as nonaudit services, financial relationships or documentation).
- One firm was precluded from performing custody rule audits, broker-dealer audits, public company audits, or any other assurance service arising from an SEC rule for a period of one (1) year.
- Bars on individuals to practice before the SEC ranging from one (1) to four (4) years and in a few cases, disallowing an individual to serve as independence leader, temporarily or permanently, for the firm.
For further information, see:
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Cathy Allen, CPA of Audit Conduct, LLC helps CPAs and others understand and apply the accounting profession’s independence and professional ethics rules through consultation, training, litigation support and expert services.
Ms. Allen was a Managing Director in PricewaterhouseCoopers, LLP’s US Independence Office. She formerly served as senior staff to the AICPA Professional Ethics Executive Committee, where she was instrumental in developing standards and tools for the profession like the AICPA Plain English Guide to Independence and the Conceptual Framework for Independence.
Ms. Allen currently serves as the Northeast Regional Director of the National Association of State Boards of Accountancy (NASBA), chairs the NASBA Ethics Committee, and formerly served as a member of the New York State Board for Public Accountancy.