For hifsa shaukat ONLY
Update on Fraud
Issuance of SAS 99, November 2002
INTRODUCTION
The accounting profession has been under increasing criticism for failing to discover material frauds that had taken place in organizations that are now counted among the largest bankruptcies ever in America (WorldCom, Enron, Adelphia Systems, and Global Crossing) as well as other situations where audits were conducted with the presumption that fraud was not likely. The profession has responded with SAS 99. The new standard reiterates the auditor’s responsibility to plan and conduct the audit to provide reasonable assurance that material fraud will be detected. Further, the new standard fundamentally changes the auditor’s presumption that fraud exists in some areas, such as revenue recognition, and outlines detailed procedures to identify the risk of fraud and procedures used to address those risks. The new standard can be obtained at www.cpa2biz.com.
The auditor remains responsible to “plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.” Fraud continues to be defined as an “intentional act that results in a material misstatement in the financial statements that are the subject of an audit.” Two types of misstatements arising from fraud are:
Misstatements arising from fraudulent financial reporting. These include material misstatements or omissions of amounts or disclosures designed to deceive financial statement users. Generally such misstatements are carried out by:
Manipulation, falsification or alteration of accounting records or supporting documents,
Misrepresentation or omission of events, transactions, or other significant information,
Intentional misapplication of accounting principles.
Misstatements arising from misappropriation of assets. This is generally referred to as defalcations and involves the theft of assets that are covered up in the financial statements.
OVERVIEW OF CHANGES
The major changes in the new standard include:
Audit Team Brainstorming. A responsibility for the audit team to essentially “brainstorm” about the possibility of fraud and the manner in which fraud might be committed prior to the start of the audit.
Auditor must consider how fraud can be perpetrated and covered up. A responsibility to consider the risk of fraud, including the risk that the fraud could be cleverly covered up in false documents or supporting evidence the auditor normally examines.
Presumption of Fraud in Revenue Recognition. A presumption that fraud will be present, especially in sensitive areas where fraud has historically occurred. The auditor should presume that fraud takes place in revenue recognition and overstatement of certain assets that are susceptible to manipulation and cover-up.
Must consider Incentives, Opportunities, and Rationalization for Fraud. A requirement that the auditor specifically consider all the elements that may make fraud more likely, including the nature of executive compensation and pressure to meet earnings targets.
Greater Susceptibility of Evidence Manipulation. A clear recognition that management or others will work hard to cover up a fraud. The auditor needs to be skeptical of management responses and consider the alternatives management might have to cover up a fraud.
Journal Entries are Important. Many frauds are covered up through non-supported journal entries or accounting estimates.
Great Skepticism of Management Responses. Greater skepticism to be given to management responses coupled with an increase in the amount and nature of evidence required to corroborate management responses to auditor inquiries.
Reporting Responsibilities. The auditor has responsibility to report fraud during the audit to management, even if they are not material to the financial statements, and to the audit committee. Management needs to be aware of all frauds even if such frauds are not deemed material to the financial statements.
New Technology Facilitates New Methods to Perpetrate Fraud. New types of organizational structures, new entities, or complex financial instruments provide opportunities to cover up fraud through either unnecessary complexity or even by side agreements among entities. Computerized information systems provide new opportunities to change documentation and methods of committing fraud.
Recognition that Collusion may be Likely. The collusion may be among entity employees, but could also occur between management and third parties.
Predictability of Audit Procedures. The audit team should work to eliminate predictability in audit procedures, such as rotating tests of particular assets over a period of time, to reduce the opportunities for a perpetrator to effectively cover up a fraud.
Analytical Procedures Should Tie to Operational or Industry Data. The auditor should not look just at relationships within the financial statements. Rather, the auditor should analyze financial data in relationship to other operational data such as production capacity or purchased supplies.
The standard continues to emphasize the need for professional skepticism. Auditors need to conduct audits with a mindset that the possibility of material misstatement due to fraud exists even if all the past experiences with a company have been positive. More to the point:
“the auditor should not be satisfied with less-than-persuasive evidence because of a belief that management is honest.”
That above statement about management trust addresses one of the most fundamental auditing postulates as the profession has previously believed that a presumption that management is not honest would make the cost of an audit prohibitively expensive. The new concept is that every inquiry and response by management must be corroborated by factual information and auditor analysis.
MOTIVATIONS TO COMMIT FRAUD
The Standard draws on considerable research that identifies three factors associated with most fraud:
Incentives or Pressure to commit fraud,
Opportunities to commit fraud,
Attitudes or ability to rationalize the fraud.
The AICPA and other auditing organizations have developed a supplemental guide that contains more detail on the potential fraud factors. More information can be found at: http://www.aicpa.org/antifraud
Incentives or Pressures to Commit Fraud
The audit team should consider the incentives or pressures to commit fraud on each engagement, including the most likely areas in which fraud might take place. The pressures include:
Management compensation schemes,
Other financial pressures for either improved earnings or improved balance sheet,
Personal factors, including the personal need for assets,
Debt covenants,
Personal wealth tied to either financial results or survival of the company.
Opportunities to Commit Fraud
One of the most fundamental and consistent findings in fraud research is that there must be an opportunity for fraud to be committed. While this may sound trite, i.e. “everyone has an opportunity to commit fraud,” it really conveys much more. It is not only that an opportunity exists, but there is either a lack of controls or complexity associated with a transaction such that the perpetrator assesses the risk of being caught as low. For example, a lack of segregation of duties may encourage a perpetrator to think he or she can take cash payments and cover the defalcation through adjustments to the accounts receivable. Alternatively, the size and complexity of Special Purpose Entities at Enron, or the sheer size of capital investments (as well as knowledge of audit procedures used by the external auditor) at WorldCom may have led the perpetrators to assess the likelihood of being detected as small. Some of the opportunities that the auditor should consider include:
Significant related party transactions,
Industry dominance, including an ability to dictate terms or conditions to suppliers or customers,
The entity makes a number of subjective judgments regarding assets or developing estimates,
There is ineffective monitoring of management, either because the board of directors is not independent or effective, or there is a dominating manager,
There is a complex or unstable organizational structure, and/or
The internal control system is weak or non-existent.
Attitude or Ability to Rationalize the Fraud
Is it acceptable to push accounting to the limits as long as a standard does not prohibit a particular accounting treatment? Do accountants enhance their personal value in a company if they are good ‘financial engineers’? Somehow, the generally accepted answers to these questions during the late 1990’s and early part of 2000-2001 was unfortunately a resounding “YES!” Many in the profession felt that they were adding value by finding ways to “dress up the financial statements,” even when the financial statements did not accurately portray real economic events. We know that individuals are good at rationalizing what would otherwise seem to be inappropriate behavior.
The nature of the fraud rationalization will often differ as to whether the fraud is a defalcation or a financial statement fraud. For defalcations, the personal rationalizations often revolve around personal financial problems, mistreatment by the company, or a sense of entitlement (i.e. the company owes me!) by the individual perpetrating the fraud.
PLANNING THE AUDIT
A possibility of either type of fraud is present in every audit. The possibility that management may be deceitful, or cover up frauds, may occur on every engagement. Financial factors may arise during the current year that did not exist previously and may influence either an individual to perpetrate a defalcation or management to engage in fraudulent financial reporting. The audit team must analyze the changes in the company, its controls, and its environment at the start of every audit to assess the risk that a fraud may have taken place.
An overview of the audit process is shown in Exhibit 1 in flowchart form. The major processes are to:
Discussion among engagement personnel regarding the risks of material misstatement due to fraud.
Obtaining information needed to identify risks of material misstatement due to fraud.
Identifying the risks that may result in material misstatement due to fraud.
Assessing those risks.
Developing an overall audit plan that reflects those risks.
Gathering and evaluating audit evidence, corroborating evidence, and determining whether or not a material fraud exists.
Communicating the existence of fraud to management, the audit committee, and others that may be required.
Documenting the audit process and findings regarding fraud.
Discussion of Fraud Possibilities Prior to Finalizing Audit Plan
The audit team should “brainstorm” about how and where they believe a company’s financial statements might be susceptible to fraud. This should include a discussion of how management could perpetrate and conceal fraudulent financial statement reporting, or how an individual could conduct a defalcation and cover it up. Such brainstorming requires a great deal of knowledge about the company and its control structure as well as the effect of compensation schemes and other motivating factors. Here the audit team must consider the overall company’s culture and the possibility of management override of controls. The audit team should draw on past experiences with the company as well as experiences with other companies and research that has been conducted on the perpetration of frauds.
Obtaining Information About Fraud Risks
The auditor’s responsibility for planning the audit has not changed. However, the auditor should identify specific procedures that could signal the possibility of fraud. Some of the procedures that may be considered by the auditor include:
Making inquiries of management and others, e.g. audit committee chairs, to obtain their views about risk of fraud and controls set up to address those risks,
Performing analytical review and consider any unusual or unexpected relationships,
Reviewing the risk factors identified earlier (motivation, opportunity, rationalization),
Reviewing management responses to recommendations for control improvements and internal audit reports.
Identifying Risks of Fraud
The auditor should examine each of the three fraud risk conditions (motivation, opportunity, rationalization) to determine the likelihood of fraud. All three need not be present. The auditor should be aware that certain classes of transactions are highly susceptible to fraud, such as estimates or those that involve complex accounting principles, or those that are complex in structure. The auditor must consider:
The type of risk.
The potential significance of the risk.
The likelihood of an occurrence of fraud due to the risk.
The pervasiveness of the risk.
The auditor should always presume there is a risk of improper revenue recognition, and a risk that management could override controls.
Assessing the Risks
The audit team should assess each of the risks in conjunction with the previous brainstorming that took place at the beginning of the audit engagement. This initial assessment should be supplemented by knowledge of controls, analytical procedures, and fraud likelihoods to develop a plan to ensure that the audit develops evidence to accurately assess the existence or non-existence of fraud.
Developing the Revised Audit Plan
The previous assessment should lead the audit team to a point where they can identify the likelihoods of fraud and how the fraud might happen. Given the audit team’s knowledge of industry, management motivations, and the entity’s control structure, the audit team should develop hypotheses about how fraud could be conducted and covered up. These hypotheses should be prioritized based on:
Analytical review results that indicate unusual relationships.
Current economic conditions and their impact on the entity.
Quality of the company’s controls.
The audit team should design specific audit tests based on the ranking of the most likely format of a fraud, and then move down the line. The audit team should obtain additional corroboration of management’s explanations or representations.
Other Factors To Consider
When a high risk of material fraud exists, audit management and the audit team should consider the following courses of action:
Assignment of more experienced team members or specialists to the engagement team.
Pay close attention to accounting areas that are highly subjective or those that are complex.
Decrease the predictability of audit procedures. Surprise visits, observation of assets, performing more procedures at year-end, are all examples of procedures that would decrease predictability.
Responding to the Risks: Audit Changes
The audit team should first consider how the highest hypothesized fraudulent activity might take place. Then, the audit team should: first, should consider the type of evidence, such as analytical review, could provide insight on the existence of a potential fraud. Finally, depending on the likelihood assessment of fraud, the auditor should develop and implement the most effective audit procedures.
The nature of audit procedures may be changed to obtain additional corroborative evidence, or to obtain more direct evidence. For example, the auditor may extend confirmation procedures to include direct correspondence with customers, or may confirm major attributes of a sales contract. Or the auditor may choose to observe the counting of inventory at all locations rather than at selected locations.
The timing of the gathering of evidence may also change. For an example, more of the substantive testing, such as the observation of inventory or direct tests of accounts receivable, may take place at year-end. Cut-off tests for both sales and inventory may be extended and conducted at year-end.
The extent of procedures should be directly related to the audit team’s assessment of the likelihood of risk. The audit team may be encouraged to do more analysis by utilizing generalized audit software to examine a larger percentage of a population.
Examples of extended audit procedures include:
Performing procedures at locations on a surprise or unannounced basis.
Requiring that inventories be counted and observed at year-end.
Making oral inquiries of major customers and suppliers.
Performing analytical procedures using disaggregated data that would show more unusual fluctuations.
Examining details of major sales contracts.
Examining financial viability of customers.
Examining in detail, all reciprocal transactions or similar transactions between two entities, e.g. sales of similar assets to each other, to determine the economic viability and the correspondence with similar transactions in the marketplace.
Making a detailed examination of journal entries.
Evaluating Audit Evidence
The auditor’s skepticism should be heightened whenever:
There are discrepancies in the accounting records. These include transactions not recorded in a timely fashion, unsupported transactions, last-minute adjustments, or situations in which the auditor has tips or complaints about alleged fraud.
The auditor finds conflicting or missing evidential matter. Examples include: missing documents, altered document, significant unexplained reconciliations, missing inventory, unavailable or missing electronic evidence, or the inability to produce evidence related to the design and operation of the entity’s computerized information system.
The relationship with management seems strained. Examples of such problems might include: denial of access to records, undue time pressures, unusual delays in providing requested information, unwillingness to provide electronic data or access to electronic systems, or an unwillingness to revise disclosures in response to an auditor request to make such disclosures more transparent and informative.
The auditor should always be alert to an unusual amount of revenue being recorded near year-end, or at the end of quarterly reporting time frames. Similarly, the auditor should examine all accruals or changes in estimates that occur in a similar time frame. The audit team should always consider the relationship of reported financial results with underlying economic factors. For example, the auditor should ask whether:
Reported net income mirrors cash inflows over a period of time.
There is consistency between operating accounts, most especially those of inventory, accounts payable, sales, and cost of goods sold.
The entity’s profitability trends differ significantly from the industry’s trends. For example, why would a bank have loan loss rates that are one-half of that of the rest of the industry when its loan portfolio mirrors that of the rest of the industry?
There is a viable relationship between sales and production data.
The bottom line is this: auditors need to exercise judgment. They need to understand the business and they need to have a strong base of knowledge to both ask the above questions and to analyze responses they receive. When discrepancies exist, the audit team must follow up with further information and evidence that either corroborates management’s view or indicates there is a real problem that is going to require financial statement adjustment.
Communicating the Existence of Fraud
All fraud should be communicated to a level at which effective action can be taken to ensure that the fraud will be dealt with and the likelihood of similar fraud in the future will be decreased. Whenever fraud involves senior management, or involves misstatements that are material to the financial statements, the existence and nature of the fraud should be reported to the audit committee. In some cases, the auditor may be required to report the fraud to outside parties, such as to meet regulatory requirements.
Audit Documentation
The audit team should document the full extent of the process described above. That documentation must include the nature of the discussion among audit team members and the team’s assessment of fraud risk, as well as how hypothesized fraud might take place. The remainder of the documentation should include a discussion of the factors that led to the risk assessment, the procedures performed, the need for corroborating evidence, the effect on the audit, and finally, the evaluation of audit evidence and communication to required parties.
The public has demanded that audit teams do a better job in identifying and finding possible fraud. The standard lays out practical guidance to assist audit teams in accomplishing that objective. An overview of the overall process is shown below in Figure 1.
Figure 1 - Summary of SAS 99 | | ||||
Intentional misstatement arising from:
| |||||
| |||||
Factors usually present when fraud occurs: | |||||
1. Fraud may be concealed: | |||||
Questioning mind and critical assessment of audit evidence. | |||||
| |||||
Auditor has responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement (error or fraud). | |||||
| |||||
2 | |||||
Exercise professional skepticism. | |||||
| |||||
3 |
1. Share experienced auditor's insights. | ||||
Discuss with engagement personnel. | |||||
| |||||
A | |||||
A Obtain information needed to identify the risks of material misstatement due to fraud. |
2. Consider unusual or unexpected relationships identified by analytical procedures, especially those related to revenue recognition.
4. Consider other helpful information. | ||||
5 | |||||
Identify risks that may result in a material misstatement due to fraud. |
Consider the: | ||||
| |||||
The auditor should ordinarily presume that there is a risk of material | |||||
| |||||
The auditor should address the risk of management override of controls. | |||||
6 | |||||
Assess the identified risks after taking into account an evaluation of the entity's programs and controls. | |||||
Consider specific controls and broader programs designed to prevent, deter, and detect fraud. | |||||
B | |||||
Overall response - Consider: A response involving the nature, timing, and extent of audit procedures performed or to be performed. Responses to further address risk of management override of controls: financial statements.
| |||||
Respond to the results of the assessment. | |||||
| |||||
A response involving the performance of procedures to further address the risk: | | ||||
| |||||
It may not be practicable to sufficiently address risk. Withdrawal may be appropriate. | |||||
C | |||||
C | |||||
8 Fraud risk assessment is ongoing throughout the audit. Conditions affecting assessment of risk include: Evaluate whether analytical procedures performed as substantive tests or in Evaluate risks at or near the completion of the audit. Consider implications. Consider withdrawing if evidence indicates significant risk of material misstatement due to fraud.
| |||||
| |||||
| |||||
Respond to misstatements that may be the result of fraud. | |||||
Effect material | |||||
Yes or unable to evaluate. |
No | ||||
with appropriate management, senior management, and the audit committee. | |||||
| |||||
D | |||||
D 9 |
Material or involve senior management ? | ||||
Communicate possible fraud to management, audit committee, and others. |
Report directly to audit committee. Yes | ||||
| | ||||
| |||||
|
If it has continuing control implications, consider if it is a "reportable condition" that should be reported to senior management and the audit committee. | ||||
No | |||||
| |||||
Bring to attention of an appropriate level of management. |
Communication of possible fraud to parties other than the client may be required:a. To comply with legal and regulatory requirements.b. To a successor auditor.c. In response to a subpoena.d. To a funding agency involving governmental financial assistance. | ||||
10 | |||||
Document the auditor's consideration of fraud. |
Document:a. Discussion among engagement personnel in audit planning.b. Procedures performed to obtain information necessary to identify and assess the risks of material misstatement due to fraud.c. Specific risks of material misstatement due to fraud that were identified and a description of the auditor's response to those risks.d. If the auditor has not identified improper revenue recognition as a risk of material misstatement due to fraud, the reasons supporting the auditor's conclusion.e. The results of the procedures performed to further address the risk of management override of controls.f. Other conditions and analytical relationships that caused the auditor to believe that additional auditing procedures or other responses were required and any further responses the auditor concluded were appropriate to address such risks or other conditions.g. The nature of the communications about fraud made to management, the audit committee, and others. | ||||
The Sarbanes-Oxley Act of 2002
Update to Rittenberg & Schwieger
Auditing: Concepts for a Changing Environment
INTRODUCTION
“Concepts for a Changing Environment” is a theme that is both appropriate to the textbook and is descriptive for the year 2002. It is likely that there has not been a year that has impacted the profession as much since the events that led to the enactment of the Securities Act of 1933 and the Securities & Exchange Act of 1934.
This brief supplement provides an overview of the Sarbanes-Oxley Act of 2002 and the impact of the act on the conduct of audits and the nature of the auditing profession. The full implications of the Sarbanes-Oxley Act will not be known for some time as many of the Act’s provisions called for further study to be followed by rules to be implemented by the SEC. Further, it would be a mistake to look at the Sarbanes-Oxley Act in isolation without considering the other changes that were already underway in the profession. This supplement is organized to provide:
An overview of the audit failures that led to the implementation of the Sarbanes-Oxley Act.
An overview of SEC initiatives already underway that were impacting the profession.
A brief overview of the major provisions of the Sarbanes-Oxley Act and the implications for the auditing profession.
The major failures were Enron and WorldCom, both Arthur Andersen clients. There were other accounting and audit failures associated with companies such as Tyco, Qwest, Adelphi (cable company), Waste Management, Micro Strategy, and Xerox, just to name a few. The failures affected all of the Big 5 public accounting firms. Thus, while there may have been unique problems with Arthur Andersen, many in Congress, the profession, and certainly the investment public perceived that the problems in the profession were more widespread than Enron, WorldCom, and Arthur Andersen.
What were these problems or trends that heightened the public’s awareness of the profession? There were at least six major trends that had been addressed by the SEC and others, but not to the extent evident in the Sarbanes-Oxley Act. These trends included:
An increase in “form over substance” in making accounting judgments.
Auditors recognized management as the “client,” not the stockholders. (Of course, management had the power to hire and fire the audit firm.)
Management of earnings became an accepted part of management.
Boards of directors were not independent and were not strong.
Management consulting had grown rapidly for two decades and was larger and more profitable than audit and assurance services.
Audit partners were rewarded on growth and profitability; relationship management became an important component of partner compensation.
The previous three Chief Accountants of the SEC had written articles decrying the decline of professionalism and citing numerous instances in which the accounting that had been okayed by the public accounting firms did not pass the “smell test,” in other words, the accounting just did not make common sense. Finally, the SEC under the leadership of Arthur Levitt decided that change had to be made. In a speech in September of 2001, Chairman Levitt cited numerous problems with the profession and appointed a Blue Ribbon Commission to improve accountability by improving the effectiveness of audit committees. Levitt cited major concerns with:
“Cookie jar reserves” used by firms to manage earnings.
Revenue recognition that did not meet fundamental earnings criteria.
Creative accounting for mergers and acquisitions that did not reflect economic reality.
A reliance on stock-based compensation that put increased pressure on meeting earnings targets.
Chairman Levitt was concerned that public accounting firms did not have either the aptitude or the desire to say NO to client accounting that pushed all the bounds of reasonableness. Rather, he perceived an environment in which client’s said: “show me where the Standards would prohibit the proposed accounting.” Instead, he wanted an environment in which auditors would make independent judgments on the economic substance of transactions and require accounting that was consistent with such judgment. However, the SEC was looked upon as the last hurdle to get over. Rather than auditors exercising independent judgments, it became acceptable to wait and see if the SEC said no. In essence, the profession was failing to perform its primary task – to make independent judgments to ensure that the financial statements presented the fairest picture possible, within the constraints of GAAP.
The SEC was not the only agency that had concerns with the profession. The Public Oversight Board (POB), a quasi-independent board that had broad oversight over the profession (but no real power), had established a commission to look at the audit process. The POB was concerned that the profession was “cutting corners” to make audits more cost effective and thus allow audit partners to be compensated at levels comparable to their consulting partners. Specifically, the POB had concerns that:
Analytical review was being used inappropriately to replace substantive audit procedures.
Audit firms were not thoroughly evaluating internal control and applying substantive procedures to address weaknesses in control.
Audit documentation, especially related to the planning of the audit, was not up to professional standards.
Auditors were ignoring warning signals of fraud and other problems.
Auditors were not providing sufficient warning to investors about companies that might not continue as “going concerns.”
The POB issued a comprehensive analysis of these problems shortly before the major audit failures of 2002. Most of the report reiterated the existence of the problems and suggested actions to be taken by the profession and by individual audit firms.
Finally, the Independence Standards Board (ISB) had been developed and was looking at a number of issues relating to audit independence. The ISB had issued a couple of pronouncements aimed at improving auditor independence, but it had not addressed any of the major issues that many perceived were potential problems; most notably the rising dependence on management consulting and internal audit outsourcing. Further, there was some criticism of the ISB in that two of its members were managing partners of Big 5 firms and a third, Barry Melancon, was the Chair of the AICPA (recently named by Business Week magazine as one of the ten worst managers of the year 2002).
Within the profession, most of the other forces at play were reinforcing the concerns of the SEC. First, the Emerging Issues Task Force (EITF), a constituent-based task force, continued to issue more detailed, technical accounting rules. Ultimately, one of the EITF’s rules contained an obscure paragraph that was used by Enron to justify the arcane accounting for the Special Purpose Entities (SPEs) that were used to cover up their real results. Second, the peer review process initiated by the AICPA relied on one big firm reviewing the processes of a similar big firm. None of the firms were willing to give other than an unqualified report to another firm, or criteria did not exist that would justify such reports. Third, accounting firms circulated papers citing innovative ways to account for transactions. For example, Arthur Andersen circulated a “white paper” that described revenue recognition for communications companies that essentially swapped line capacity with each other (provided that the trades were separated by a small amount of time; this procedure later became known as “round tripping”). Fourth, accounting firms were aggressively pursuing new products, particularly in the tax area, where they could be compensated based on the value-added to the client. Stated another way, they were looking to see contingency-based products where the firm would be a compensated a specific percentage of the tax-savings realized by the client. This led to some public accounting firms recommending that clients like Stanley Tools incorporate outside of the U.S. to gain tax advantages while maintaining their headquarters and most of their operations in the U.S. to take advantage of the protection of our business environment. Finally, the AICPA had established itself more as a trade association than as a professional organization serving the public interest. For example, the AICPA has consistently lobbied for most of its practitioners, especially those with smaller firms, be exempt from restrictive rulings proposed by the SEC. Further, the AICPA embarked on a campaign to establish a new, non-accounting and non-audit based credential, to establish the holder’s expertise in global affairs and consulting. The new credential, sometimes referred to as XYZ or Cognitor, went down to resounding defeat by the membership of the AICPA, many of whom felt it abandoned the roots and public trust foundation of the audit profession.
Some supporters of the profession likened the problems of 2002 to the “Perfect Storm.” While this may be an exaggeration, there were a number of analogies. However, in the view of many, it was not like the “Perfect Storm” depicted in the movie because the events that were taking place were not one-time events. The problem is that the profession did not seem to see all the warning signs that existed.
An overview of these events is shown in Figure 2 below.
Figure 2
The Accounting Profession and the
Non-Perfect Storm
Thus while there were many critics that were sending “caution” signals to the profession, the profession continued to see only the green light of continued progress. There was a mistaken sense that changes in the legal environment had protected the auditor and that as long as a technical accounting treatment could be justified, there was little threat to the profession.
SEC ACTIONS
The SEC was warning the profession of potential problems. For the most part, the majority of practicing professionals believed the warnings were not justified because the majority of practitioners continued to practice with the highest level of integrity and were willing to say NO to clients. Nonetheless, clients continued to be aggressive and pushed firms for friendlier treatments of accounting issues, or for disclosures that may be technically accurate, were less than forthcoming.
The SEC issued four major pronouncements that had already set into action many of the concepts that were reinforced in the Sarbanes-Oxley Act. They were:
Issuance of SAB 99 on materiality.
Issuance of SAB 101 on revenue recognition.
Revision of the Commission’s Rules on Auditor Independence.
Formal endorsement of Blue Ribbon Commission recommendations strengthening audit committees.
Materiality
SAB 99 reinforced the basic definition of materiality. The SEC expressed their view that auditors had neglected the “qualitative” aspect of materiality and had focused too much on rules of thumb, such as a 5% of net income view. The SEC applied the concept of materiality to not only the numbers in the financial statement, but to the clarity of disclosures and the accounting choices made to portray the financial results. In essence, the SEC challenged the accounting profession to enforce its own concepts of materiality and to look at issues from an objective investor’s viewpoint.
Revenue Recognition
The SEC chose to issue this statement after reviewing a number of SEC enforcement actions against companies that had pushed the limits of revenue recognition. The enforcement action covered both dot.com companies such as Priceline.com as well as other companies that had frequently used “channel stuffing” as a method to enhance either quarterly or yearly income. (In the Priceline.com situation, the company had chosen to record revenue for the full amount of the ticket issued even though the company was acting more like a travel agent that provided services through matching a product with a customer.) The SEC encouraged the profession to focus on the nature of the earnings process and suggested that the commission earned, not the value of the airline ticket, was the real measure of revenue. The SEC noted that channel stuffing was used to boost revenue to meet “earnings guidance” provided to Wall Street. The SEC noted that there were frequently signs that channel stuffing had taken place such as returns of merchandise after year-end, or smaller sales in the next quarter.
As in SAB 99 on materiality, the SEC was urging the profession to enforce its own accounting concepts. Essentially, the SEC urged the profession to go back to its basic principles recognizing revenue that:
met the earnings principle,
was realized,
reflected the principal revenue-producing activities of the organization.
The SEC again encouraged the profession to exercise its independent judgment following broad principles rather than assisting clients in structuring transactions that met technical rules.
Auditor Independence
The SEC felt strongly that the profession needed to be reminded of the basic principles underlying auditor independence. They started with three basic principles, which have been expanded to a fourth after the issuance of Sarbanes-Oxley. Those principles are:
A public company auditor, in order to be independent, should not audit its own work (as it would if it provided internal audit outsourcing services, financial information systems design, appraisal or valuation services, actuarial services, or bookkeeping services to an audit client).
A public company auditor should not function as part of management or as an employee of the audit client (as it would if it provided human resources services such as recruiting, hiring, and designing compensation packages for the officers, directors, and managers of an audit client).
A public company auditor, to be independent, should not act as an advocate of its audit client (as it would if it provided legal and expert services to an audit client in judicial or regulatory proceedings).
A public company auditor should not be a promoter of the company's stock or other financial interests (as it would be if it served as a broker-dealer, investment adviser, or investment banker for the company).
Following these general principles, the SEC identified nine services that should not be performed by public accountants, or should be performed with some restrictions. These nine services included:
Bookkeeping or other services related to the accounting records or financial statements of the audit client.
Financial information systems design and implementation.
Appraisal or valuation services, fairness opinions, or contribution-in-kind reports.
Actuarial services.
Internal audit outsourcing services.
Management functions or human resources.
Broker or dealer, investment adviser, or investment banking services.
Legal services and expert services unrelated to the audit.
Any other service that the Public Company Accounting Oversight Board (PCAOB) determines, by regulation, is impermissible.
The SEC initially mandated public disclosure of the amount of fees paid to public accounting firms, including a separation of audit fees, consulting fees related to systems design, and other consulting fees. This provision was strongly opposed by the public accounting profession, but the data were compelling to the public. In many instances the fees paid to public accounting firms were not only larger than the audit fees, but sometimes significantly larger – even ten times larger in one case. Enron was often cited as a case in point where consulting revenue exceeded audit revenue. Further, Enron was a case in which the internal audit work was outsourced to the external audit firm, leaving many to question whether the internal auditors could have possibly given the Board of Directors an independent evaluation of either controls or accounting treatments.1
The SEC subsequently encouraged the large public accounting firms to jettison their consulting arms and concentrate on building back the public trust. Two of the Big 5 firms had done so prior to the enactment of the Sarbanes-Oxley Act. PricewaterhouseCoopers sold its consulting division to IBM in 2002 and Deloitte & Touche completed plans to spin-off its consulting arm into a separate publicly held company in 2003.
Strengthen Audit Committees and Boards
The SEC endorsed the recommendation of the Blue Ribbon Commission on Audit Committees and subsequently endorsed the ruling requirements of the NYSE to strengthen the role of audit committees. The SEC has also pushed for greater independence of board members. One of the major recommendations was to make the audit committee the real client of the auditors with the sole authority to hire or fire the independent external auditor. Further, the audit committee had the sole responsibility to approve or disapprove of any non-audit services performed by their external auditors. The audit committee was required to report the judgments formally in an annual report.
THE SARBANES-OXLEY ACT OF 2002
The storm hit when Enron failed and declared the largest bankruptcy in U.S. history. It sank the ship when WorldCom became the largest bankruptcy in U.S. history. In both of these companies, the operational failures were covered up with clever accounting frauds that were not detected by the public accounting firms. The press, Congress, and the general public continued to ask why such failures could have occurred when the public accounting profession was given the sole license to protect the public from financial fraud and misleading financial statements.
The Sarbanes-Oxley Act is comprehensive. It is important to understand that while it contains many provisions, a good part of the Act represents a work in progress. It has mandated the GAO and the SEC to conduct numerous studies of the accounting profession and the nature of financial reporting and to report back to congress with their recommendations. We will cover the nature of the studies to be performed as well as the specific actions taken in the Act.
Studies Required
The legislators were concerned that more independent information was needed on several fronts before specific legislation could be implemented. For example, there is a great deal of controversy as to whether part of the problem was due to an increased tendency towards “rule-based accounting.” On the other hand, there are equally compelling questions on whether or not the profession is equipped to ensure that consistent judgments reflecting economic reality will be made under a “principles-based” approach to accounting. The specific studies, along with the Act’s section number are as follows:
- Section 207 – Study of Mandatory Rotation of Registered Public Accounting Firms
• Directs the GAO to conduct a study and review of the potential effects of requiring the mandatory rotation of registered public accounting firms and report its findings to Congress within one year of enactment date.
Section 701 – GAO Study and Report Regarding Consolidation of Public Accounting Firms
• Directs the GAO to conduct a study and report its findings to Congress within one year of enactment date that would examine the reasons for the consolidation of accounting firms since 1989. The legislation notes that the public accounting profession went from eight major multinational firms to only four. Legislators want to know the economic reasons for the change as well as the implications for protecting the public.
- Section 702 – Commission Study and Report Regarding Credit Rating Agencies
- Section 703 – Study and Report on Violators and Violations
- Section 704 – Study of Enforcement Actions
- Section 705 – Study of Investment Banks
Major Provisions of the Act
There are major provisions of the Act that will affect the nature of the public accounting profession and the nature of financial reporting for some years to come. Some of the major provisions include:
Establishment of a Public Company Accounting Oversight Board with broad powers, including the power to set auditing standards and choose whether or not to set accounting standards,
Requirement that the CEO and CFO certify the financial statements and the disclosures in those statements.
Requirement that companies provide a comprehensive report on internal controls over financial reporting and that their auditors report on internal controls.
Audit Committees be given expanded powers as the “audit client” and must pre-approve any non-audit services by public accounting firms. Audit committees must also report publicly.
Audit Committees must have at least one person who is a financial expert and must disclose the name and characteristics of that individual. Other members must be knowledgeable in financial accounting as well as control.
Partners in charge of audit engagements, as well as all other partners or managers with a significant role in the audit, must be rotated off the engagement every five years.
There must be a “cooling off” period before a partner or manager can take a high-level position in a client without jeopardizing the independence of the public accounting firm.
Increased disclosure of all “off-balance sheet” transactions or agreements that may have a material current or future effect on the financial condition of the company. The SEC is required to study the nature of such agreements and/or transactions and develop improved accountability.
The PCAOB
By far, the most compelling part of the Act is the establishment of the Public Companies Accounting Oversight Board (PCAOB). This Board will ultimately determine the nature of auditing and accounting, including responsibilities for detecting fraud and other financial misdeeds. The PCAOB is to have five members, three of whom cannot be CPAs. The PCAOB has the ability to make choices including:
Setting of auditing standards. It can choose to set them or it can rely on an independent standard setting body. Historically, auditing standards have been set by the Auditing Standards Board of the AICPA .
Setting accounting standards. The PCAOB can choose to set accounting standards, provide oversight of the FASB, or choose some other body such as the International Accounting Standards Board to set accounting standards. The SEC has so far endorsed the FASB but has suggested that there be more cooperation between the FASB and IASB.
Set standards for the reports on internal control and/or risk management.
Perform quality review of public accounting firm performance and recommend penalties, including censure, if the firms fail to perform at required levels.
Establish quality control standards for the conduct of audits of public companies.
The PCAOB is off to a rough start because of controversy over the nomination of its first chair, William Webster, and the subsequent resignation of the SEC Chair, Harvey Pitt. However, as of January 2003, it has an Acting Chair and is moving forward on many issues before it.
Other Provisions of the Act
As noted earlier, many of the other provisions of the Act pertain to the investment community, especially investment bankers. The following is a broad summary of the major provisions of the Act along with the section number. We will continue to provide updates as the Act is implemented.
Title 1 – Public Company Accounting Oversight Board- Section 101 – Establishment of Board
- Section 102 – Registration with the Board
- Section 103 – Auditing, Quality Control, and Independence Standards and Rules
- Section 104 – Inspection of Registered Public Accounting Firms
- Section 105 – Investigations and Disciplinary Proceedings
- Section 107 – Commission Oversight of the Board
- Section 108 – Accounting Standards
- Section 109 – Funding
- Section 201 – Services Outside the Scope of Practice of Auditors
- Bookkeeping or other services related to the accounting records of financial statements of the audit client.
- Financial information system design and implementation.
- Appraisal or valuation services, fairness opinions, or contribution-in-kind reports.
- Actuarial services.
- Internal audit outsourcing services.
- Management functions or human resources.
- Broker or dealer, investment advisor, or investment banking services.
- Legal services and expert services unrelated to the audit.
- Any other service that the Board determines, by regulation, is impermissible.
- Section 202 – Pre-approval Requirements
- Section 203 – Audit Partner Rotation
- Section 204 – Auditor Reports to Audit Committees
- Section 301 – Public Company Audit Committees
- Section 302 – Corporate Responsibility for Financial Reports
- Section 303 – Improper Influence on Conduct of Audits
- Section 304 – Forfeiture of Certain Bonuses and Profits
- Section 401 – Disclosures in Periodic Reports
- Section 402 – Enhanced Conflict of Interest Provisions
Section 403 – Disclosures of Transactions Involving Management and Principal Stockholders
• Requires directors, officers and principal stockholders to file a statement with the SEC when they sell stock, or obtain new stock from the issuer in question. Statements must be filed at the time of registration of such security on a national securities exchange or by the effective date of a registration statement; within 10 days after he or she becomes such beneficial owner, director or officer; if there has been a change in such ownership, within two days of the initial acquiring of such security, i.e. security-based swap agreement.
- Section 404 – Management Assessment of Internal Controls
- Section 406 – Code of Ethics for Senior Financial Officers
- Section 407 – Disclosure of Audit Committee Financial Expert
- Section 408 – Enhanced Review of Periodic Disclosures by Issuers
- Section 409 – Real Time Issuer Disclosures
Section 501 – Treatment of Securities Analysts by Registered Securities Associations and National Securities Exchanges
• Requires the SEC to adopt rules that are reasonably designed to address conflicts of interest that can arise when securities analysts recommend equity securities in research reports and public appearances.
1 Based on public documents, it is also questionable whether or not Enron’s Board was sufficiently independent that it would have been interested in truly independent evaluations.
39