Is An Auditor Independent If They Provide Consulting Services

Performing certain nonaudit services for audit clients can impair independence. Misrepresenting nonaudit services as immaterial and mischaracterizing them as audit services obscures the conflicts of interest that may occur when both services are performed for an audit client. In the United kingdom of great britain and northern ireland, regulators are moving towards separating audit businesses operationally. The SEC should study the issue to determine how to implement a similar split in the U.s.a.. Nothing short of this remedy is sufficient to protect the public interest.

***

For years, auditing firms had argued that the performance of nonaudit services to inspect clients does not impair audit independence, and regulators failed to act. The Sarbanes-Oxley Act (SOX) of 2002 changed all that when the SEC prohibited sure nonaudit services that might impair audit independence. Since so, some CPA firms that provide audit services have violated Dominion 2-01 of SEC Regulation S-10 that requires auditors to be independent both in fact and appearance. These violations take occurred considering these firms engaged in prohibited nonaudit services, failed to apply appropriate quality controls to provide reasonable balls that independence was maintained, or failed to comply with PCAOB Dominion 3525, which requires certain communications between the auditor and the audit committee that impact whether independence existed during the engagement and at the time the audit report was issued.

One area of recent concern is that problems can arise when otherwise permissible nonaudit services are provided to a nonaudit customer that becomes an affiliate of an audit customer. The independence rules and so apply to both clients as if they were ane entity. Some firms are now using a materiality benchmark to determine whether these nonaudit services provided to an affiliate entity, which would be prohibited if the parent had provided them, violate the independence requirement in inspect engagements. Applying such a materiality standard can have the result of dismissing otherwise improper relationships.

In other cases, audit firms have misrepresented nonaudit services as function of the audit services to get around the rules that prohibit certain nonaudit services for audit clients. Purposely doing so misleads the users of financial statements about independence.

Interim equally if the rules do not apply universally represents a problem that, left untreated, may fester and lead to independence violations that become worse. Auditors may be subconsciously regarding the independence ethical requirements every bit not applying to them or not worth because because they know they possess objectivity and integrity. But the end consequence is that too many auditors are violating ethical requirements.

The examples discussed in this article propose that audit firms are either unaware of these requirements or ignoring them, at least as they pertain to determinations whether nonaudit services provided to audit clients violate independence. It may be that an audit-simply firm can practice a better chore of ensuring adherence to independence rules than a firm that does not have an exclusively audit culture.

Violations Involving Nonaudit Services

Several settlements betwixt the SEC and PCAOB and large accounting firms illustrate what happens when audit firms have provided nonaudit services to audit clients in violation of independence. In these cases, the firms represented that they were independent in audit reports when they were not, in violation of SEC Dominion 2-02(b) of Regulation S-Ten and PCAOB Rule 3525.

On September 23, 2019, PricewaterhouseCoopers agreed to pay $7.nine million to settle charges that the firm violated Rule 2-02 by performing prohibited nonaudit services during an audit appointment, including exercising conclusion-making dominance in the design and implementation of software relating to an audit customer's financial reporting, and engaging in management functions. The business firm'due south actions created a self-review threat to independence. In improver, the firm violated PCAOB Rule 3525 in connection with performing nonaudit services for 15 SEC-registered audit clients by failing to depict in writing to the audit committee the scope of work, to discuss the potential effects of work on independence, and to document the substance of the independence discussion. These deportment deprived the issuers' audit committees of the information necessary to assess PricewaterhouseCoopers' independence. The same violations occurred due to breakdowns in PricewaterhouseCoopers' independence-related quality controls, which resulted in the firm's failure to properly review and monitor whether nonaudit services for audit clients were permissible and approved past clients' audit commission [SEC, Accounting and Auditing Enforcement Release (AAER) 4084,In the Affair of PricewaterhouseCoopers LLP, September 23, 2019].

On Baronial 27, 2019, the SEC charged RSM U.s. LLP (formerly known as McGladrey LLP), the fifth largest accounting firm in the United States, with violating Rule two-02(b)(1) in connexion with more than 100 audit reports involving at least 15 audit clients. Co-ordinate to the SEC'due south social club, RSM United states of america repeatedly represented that information technology was contained in audit reports issued on the clients' financial statements fifty-fifty though it provided prohibited nonaudit services to, and had an employment relationship with, affiliates of RSM Us audit clients. The prohibited nonaudit services included corporate secretarial services, payment facilitation, payroll outsourcing, loaned staff, financial information system design or implementation, bookkeeping, internal audit outsourcing, and investment advisory services. The SEC also cited a deficiency in independence controls at the business firm that led to its failure to place and avoid these prohibited nonaudit services. This violation created a self-review threat to independence and created the appearance that the house could not be objective in providing audit services [SEC, AAER 4066, Baronial 29, 2019,In the Affair of RSM Us LLP (f/k/a McGladrey LLP)].

These ii examples illustrate what happens when inspect firms either ignore or misinterpret the restrictions on performing nonaudit services for inspect clients prepare forth in Rule 2-02 besides as Rule ane.295.040 of the AICPA Code. Most of these restrictions are directly or indirectly prohibited nether SOX and SEC Rule ii-01, which mirrors SOX restrictions.

The following violations occurred because of the misleading manner independence was determined and conclusions thereof.

Materiality Exceptions

KPMG was involved in a client acceptance procedure for an entity when it learned that the firm had been providing nonaudit services to affiliates of the entity that the firm would be prohibited from providing if it became the independent accountant. These services included bookkeeping and payroll services provided to affiliates in xi different countries. According to AAER 3530, "the KPMG audit engagement team—in consultation with the firm'south Independence Group—concluded that, based on the perceived immateriality of the locations and services provided." KPMG's overall independence would not be impaired if it became the auditor of the entity simply too connected providing the nonaudit services to the affiliates during the transition period of February 22, 2008, to July 1, 2008. KPMG became the auditor and confirmed to the client that it was "independent with respect to [the client] and its related entities under applicable SEC and PCAOB independence requirements" [SEC, AAER 3530, January 24, 2014,In the Matter of KPMG LLP, Respondenthttps://www.sec.gov/litigation/admin/2014/34-71389.pdf)]. The firm's actions violated SECs Dominion 201(c)(5) and Rule 10A-2.

Is independence a standard best left to the individual sentence of the auditors, or is it based on SEC regulations and PCAOB standards?

Using a materiality benchmark to determine whether certain nonaudit services should be allowed presents some difficult questions: 1) Is independence a standard best left to the individual judgment of the auditors, or is it based on SEC regulations and PCAOB standards? ii) Where do you lot draw the line in making materiality determinations?

Mischaracterizing Nonaudit Services

Returning to the agreement between PricewaterhouseCoopers and the SEC discussed above, the firm violated SEC Rule 2-02(b) of Regulation S-X and PCAOB Rule 3525 by engaging in improper professional bear in violation of the independence rules on 19 engagements on behalf of 15 SEC inspect clients. This case is unique because the firm had mischaracterized certain nonaudit services equally part of the audit date to brim its ethical responsibilities under SEC and PCAOB rules.

In 2014, PricewaterhouseCoopers performed nonaudit services for an audit client apropos Governance Risk and Compliance (GRC) software. According to AAER 4084: "GRC systems are used by companies to coordinate and monitor controls over financial reporting, including employee admission to critical financial functions." The client "intended to use the GRC software to generate data as part of the company's command environment and to provide information to aid personnel in forming conclusions regarding the effectiveness of internal controls related to financial information systems." At the time the GRC organisation was being implemented, it was intended to be subject field to the internal control over fiscal reporting inspect procedures.

Every bit stated in AAER 4084, the SEC rules:

prohibit independent auditors from designing and implementing systems such equally GRC where the software aggregates source information or generates information significant to the clients' financial statements or other financial systems as a whole. Designing, implementing, or operating systems affecting the financial statements may also place the accountant in a management role, or result in the accountant auditing his or her own piece of work or attesting to the effectiveness of internal control systems designed or implemented by that auditor. The independence rules also prohibit an independent auditor from performing management functions. (AAER 4084)

Communications betwixt PricewaterhouseCoopers and its audit client show that the client's head of internal audit was concerned whether the house could provide an implementation proposal and inquired near auditor independence. Brandon Sprankle, who was the partner responsible for supervising the functioning of prohibited nonaudit services, violated SEC Dominion 2-02 when he responded that "we are absolutely permitted to implement so there will be no issues," even though he was aware that the business firm's independence policies did not allow it or him to implement the GRC arrangement.

Communications with the customer evidence the disconnect betwixt the customer's expectations and how PricewaterhouseCoopers was describing its data systems services, ostensibly to skirt the requirement not to perform sure nonaudit services for inspect clients. An e-post from the client'southward and then-head of internal audit, who objected to the description of services independent in the draft engagement letter, informed PricewaterhouseCoopers that the proposed piece of work was an implementation project that had been outsourced to the house. The final date letter described the work on the GRC project "as performing assessments and loftier-level recommendations" even though an internal PricewaterhouseCoopers communication had characterized the engagement every bit a design and implementation project.

PricewaterhouseCoopers agreed to pay more than $7.9 one thousand thousand to settle charges with the SEC that it performed prohibited nonaudit services during an audit engagement, including exercising decision-making authority in the design and implementation of software relating to an audit client'south fiscal reporting and engaging in management functions.

The firm besides violated PCAOB Rule 3525 by declining to describe in writing to the audit commission the scope of work, the potential effects of work on independence, and the substance of the independence give-and-take. These actions deprived the issuers' audit commission of information necessary to assess PricewaterhouseCoopers' independence. The violations occurred due to breakdowns in PricewaterhouseCoopers' independence-related quality controls, which resulted in the house's failure to properly review and monitor whether nonaudit services for inspect clients were permissible and approved by clients' inspect commission (SEC, AAER 4084,In the Affair of PricewaterhouseCoopers LLP, Sept. 23, 2019, https://bit.ly/32UNzgO).

On another project for the aforementioned audit client, PricewaterhouseCoopers provided services related to the client's upgrade of its enterprise software and related programs. Many of the services were nonaudit work to be performed before implementation of the arrangement, including assessments and reviews before the system was in use, with the firm making recommendations and providing reports to the client.

To gain approval for the projection by PricewaterhouseCoopers's Risk Balls Independence Group (RAI), a draft appointment letter was prepared that described the services equally including approximately 1,000 hours of work by the customer's personnel and noting that the services would be performed in accordance with the Standards for Consulting established by the AICPA. The customer's inspect commission approved the projection equally "nonaudit consulting" services with respect to the pre-implementation review of the enterprise software upgrade.

PricewaterhouseCoopers' ain RAI raised a ruddy flag about the appointment, largely due to the 1,000 hours that made it seem as though information technology was an internal inspect co-sourcing engagement, which is prohibited for an audit client. The firm'south information engineering manager suggested that the project should cease interest of the client's internal audit department in the assessment or seek formal clearance by the firm's U.S. Independence Function in its assessment.

Sprankle did neither; instead, he inverse the description of the services from a consulting project to audit procedures. According to AAER 4084:

because the projection was re-characterized as audit services, the piece of work was not subject to proper internal review to assess auditor independence prohibitions, including a review to determine whether the project constituted prohibited non-audit services or outsourced internal audit piece of work to be performed during the inspect engagement of the Issuer company.

(AAER 4084)

Exhibit i summarizes the discussions about violations involving nonaudit services, using materiality exceptions, and mischaracterizing nonaudit services.

Showroom 1

Performing Prohibited Nonaudit Services for Inspect Clients

SEC Proposal to Amend Accountant Independence Rules

On Oct 20, 2020, the SEC appear changes to Rule 2-01 of Regulation Southward-10 that loosens independence rules with respect to the auditing of affiliates and investment company clients.

The new rule would limit the range of audit customer affiliates from which an auditor must maintain its independence by: 1) amending the definition of "affiliate of the audit client" to carve out affiliates nether common control (i.east., sister entities) that are non material to the controlling entity and two) providing, with respect to the audit of an investment company, investment advisor, or sponsor, that the auditor and audit client would await solely to the definition of "investment visitor complex" to identify audit customer affiliates under common control that are non fabric to the controlling entity ("SEC Adopts Amendments to Auditor Independence Rules," October 20, 2020, https://bit.ly/3ocayMV).

The new rule defines an affiliate of the audit client as "an entity that has control over the inspect client … or which is under common command with the audit client, including the audit client's parents and subsidiaries." The issue is that entities under common control with the audit customer ("sister entities") are considered affiliates and fall within the definition ("audit customer") fix forth in Dominion 2-01 (SEC, 17 CFR Function 210, Amendments to Rule 201, Qualifications of Accountants, https://scrap.ly/300pl2H).

The dominion gives auditors more discretion in assessing conflicts of interest in affiliate relationships with the firm's audit clients. The motivation for the change seems to be an assay by the SEC that the audit firm tin maintain its objectivity and impartiality (hence its independence) in these control relationships based on a materiality exception. According to SEC Chair Jay Clayton, the rules changes would "permit audit committees and [SEC] commission staff to improve focus on relationships that could impair an auditor's objectivity and impartiality" and avoid "spending time on potentially time-consuming inspect committee review of not-substantive matters" ("SEC Planning to Loosen Auditor Independence Rules," Jan 2, 2020, https://bit.ly/2ROOc51).

While a materiality test applied to fiscal reporting issues is commonplace, information technology has no place in ethics determinations. Any rule violation—regardless of a size test—is unethical.

By introducing a significance test to determine whether an affiliate is material to the controlled entity, the SEC has opted to rely on the judgment of the accountant and audit business firm to make up one's mind when independence is impaired rather than strictly applying the ethics rules as written. While a materiality test practical to financial reporting issues is commonplace (i.due east., to determine whether restatements to the financial statements are warranted), information technology has no place in ethics determinations. Any rule violation—regardless of a size test—is unethical. At that place should not be a materiality examination to decide right versus wrong. Moreover, once the door is opened to making materiality judgments on independence issues, firms may seek to use it in interpreting other rules. For example, should a firm be able to provide "non-material" contingent fee and commission-based services to a not–audit chapter once it is combined with the controlling entity for which audit services are provided? The problem with establishing a materiality criterion in 1 rule is it becomes an upstanding slippery slope for other dominion interpretations.

Information technology is troubling that the SEC may have given up in its efforts to make independence the cornerstone of audit engagements; instead, it may exist relying on objectivity and impartiality under the guise of a materiality exception. The SEC had highlighted in the by the importance of audit independence with regard to nonaudit services in a response to frequently asked questions seeking clarification of the rules. One question asked was whether prohibited nonaudit services performed for audit clients would be permitted when "information technology is reasonable to conclude that the results of these services will not exist subject field to inspect procedures during an audit of the audit client's fiscal statements." The SEC responded that there is a rebuttable presumption that the prohibited services will exist subject to audit procedures. It went on to say:

"the development of the ground for the judgment is, in and of itself, an audit procedure relating to the determination of whether to utilise detailed audit procedures to a unit of the consolidated entity. Therefore, materiality is not a basis upon which to overcome the presumption in making an interpretation that it is reasonable to conclude that the results of the services will not be subject to audit procedures" ("Role of the Chief Accountant: Application of the Commission'due south Rules on Auditor Independence: Ofttimes Asked Questions," Updated as of June 27, 2019, https://flake.ly/3hOCBgU).

By its response, it appears that the SEC believes that a determination of the significance of nonaudit services should not exist affected past materiality considerations. The question—and the response discussed above—was first asked on January 16, 2001. Given its recent ruling that loosens accountant independence rules, even so, the SEC'south support for independence as the backbone of the audit profession seems to exist waning.

The U.1000. Experience

In the backwash of the liquidation of two large companies, Carillion and BHS, the Fiscal Reporting Council (FRC), the U.k.'s accounting watchdog, has been examining the question of whether the performance of all nonaudit services for audit clients should be prohibited. The impetus for the review is the FRC'due south claims that auditors from KPMG in both instances did not "challenge management plenty," were not "sufficiently skeptical, and were inconsistent in their execution of audits." The FRC concluded that "there remains public business organization most whether the provision of nonaudit services undermines auditor independence." (Jason Bramwell, "KPMG U.K. is Giving Up Non-Audit Work on FTSE 350 Clients. Will the Other Big four Firms Follow?," Nov viii, 2018, https://bit.ly/2Esmp7u)

KPMG indicated it would non continue to provide nonaudit services to inspect clients, albeit with some qualifiers, such equally continuing to provide nonaudit services, such as consultancy, to smaller U.Chiliad.-listed clients, as well as private firms of all sizes. It also failed to give an end date for the changes.

Other firms, including Pricewaterhouse Coopers and Ernst & Young, besides said they would terminate offering nonessential consulting services to its largest British public audit clients by 2020. The firms stated their goal is to eliminate whatsoever perception of conflict betwixt selling audit and consulting piece of work to the same customer (Audit Conduct, "In United kingdom of great britain and northern ireland, three of the large 4 denote they will end performing consulting services for large audit clients," January 31, 2019, https://bit.ly/3hRyn87). The key here is: what is a "nonessential consulting service?" Perhaps the firms purposefully left it vague.

There has been a smashing deal of controversy in the U.G. almost how all-time to restrict nonaudit services for inspect clients. The U.M. Competition and Markets Authorization (CMA), a government department, issued a written report on April 18, 2019, that recommended an operational dissever of audit and nonaudit services. The large firms would be divide into divide operating entities with respect to auditing and consultancy functions to reduce the influence of consulting practices upon auditing divisions. The split would help preclude potential conflicts of involvement from impairing inspect independence and increasing the public trust in the quality of financial statements. However, the CMA stopped curt of recommending a full breakup based on business firm services (Competition and Markets Say-so, "Statutory audit services marketplace report," Terminal Study, Apr 18, 2019, https://chip.ly/2RPQbpH).

There has been a great deal of controversy in the U.K. about how best to restrict nonaudit services for audit clients.

Some in the U.Thou. accounting profession have warned that the split of nonaudit and audit services into separate entities would challenge firms' ability to adjust to changes in market place conditions, maybe because inspect fees business relationship for only 20% of the firms' overall fee income, making it less probable that audit firm could operate profitably equally a stand-alone entity.

The CMA has said that the proposed separation would have auditors "focus exclusively on audit to secure higher quality, and not also on selling consulting services." They suggest that the separation would achieve this by:

Creating a strong culture in the audit house and eliminating tensions with the very different culture of advisory services
Enhancing transparency
Making audit truly contained past catastrophe the subsidies from the rest of the house
"Demonstrating a culture of quality, independence, and objectivity" and eliminating "undue influence from the wider (nonaudit) business" (Callum MacRae, "FRC Calls for the Pause-upward of Inspect and Non-Audit Services of the Big 4," https://flake.ly/32TTkeI).

A study group written report prepared on behalf of the U.Thou. parliamentary Labour Party called for a legal separate between audit and nonaudit services. The group was non convinced that an operational split would arrive plenty, calling instead for ii legally split organizations. In essence, it calls for a structural breakup of large firms, saying that it would be more effective than other options in "tackling conflicts of involvement" and providing "professional person skepticism needed to deliver high-quality audits." ("Reforming the Auditing Industry," https://fleck.ly/3iXTZkS)

On February 27, 2020, the FRC sent a letter of the alphabet to the seven biggest U.K. audit firms—the Big Four as well every bit BDO, Grant Thornton, and Mazars—asking them to separate their audit practices and put in place independent boards to brand changes to how they run their audit business to reduce conflicts of involvement. The regulator is asking companies to take steps to split their inspect businesses in accelerate of expected legislation that could mandate these separations. The event of such a separation would be that inspect units at these seven companies would have to be financially independent from other concern units, thereby ending profit sharing between audit and other entities and establishing carve up boards to strengthen governance (Nina Trentmann, "U.M. Regulator Asks Bookkeeping Firms to Wall-Off Audit Practice, Install Split Lath,"The Wall Street Journal,https://on.wsj.com/2G3nOS9).

On July half-dozen, 2020, the FRC told the Big Four to draw up plans for an operational split by separating their audit businesses by October 23, 2020 and for the work to be completed by mid-2024. The changes practice non apply to smaller firms. The regulator stopped brusk of ordering a total, structural breakdown that would have required audit entities to be spun off into separate legal entities.

The FRC listed 22 principles the Big Four take had to adhere to since June 30, 2020. Under the principles, the Big Four take to segregate their inspect practices and ensure that audit partners spend the majority of their fourth dimension on audits. Deloitte said it will plant an independent audit governance board (AGB), with responsibility for providing independent oversight of the U.K. audit practice from Jan ane, 2021. KPMG has gone further, stating that "KPMG supports operational separation and have already taken action which demonstrates how serious nosotros are almost rebuilding trust in our profession." The house plans to discontinue nonaudit services to Financial Times Stock Commutation (FTSE) 350 companies audited, to introduce graduated findings in their audit reports and to change their governance to create a dissever audit board, which is solely focused on the performance management of their audit business organisation. The firm said it plans to submit its detailed implementation plans to the FRC by the October 23 deadline (Accountancy Daily, "Audit firms written report carve up progress," https://bit.ly/3j4stlB).

Michael Izza, chief executive of the Plant of Chartered Accountants in England and Wales, said the FRC announcement provided a useful framework for running an audit business firm; "however," he said, "information technology will do little to improve quality or pick in the market." Others have said that audit firms need to overhaul their attitudes toward clients, pointing out that the problem is with the civilisation within audit firms as being too deferential to clients' senior management (Nina Trentmann, "U.K. Regulator Orders Big 4 to Dissever Audit Practices by 2024,"Wall Street Journal,https://on.wsj.com/2RMtuTv).

The U.K. has been trying to encourage audit firms to voluntarily divide off audit from nonaudit services; notwithstanding, firms do not seem inclined to do so. As a upshot, the FRC is due to be replaced past a stronger regulator called the Audit, Reporting, and Governance Dominance, which is expected to force a breakup of the Big Four.

The U.K. experience should exist looked at by the SEC to appraise whether a separation of audit and nonaudit services operationally could work in the The states. The profession has talked near it for many years. It may be premature to report a legal carve up into ii entities. Given the expanding scope of prohibited nonaudit services and how they may be mischaracterized to skirt the independence rules (as discussed above), it seems to this writer that the time is right for such a carve up in the Usa.

By operationally splitting audit and nonaudit services, the firms would point that they take their obligation to exist independent in fact and advent seriously.

Protecting the Public Interest

In fiscal 2018, 34% of the Big Four's combined global revenue came from auditing, compared with 43% from consulting and advisory work; the rest came from tax and legal work. The Big Four have generated more revenue from consulting and informational services than from auditing since fiscal 2015 (Andrew Grill, "The Big 4 Consulting revenue now exceeds inspect piece of work—we demand to consider the "Large 6" in consulting," April 10, 2018, https://bit.ly/2Hf2Ss3).

Given audit firms' insatiable ambition for consulting and advisory services and its larger piece of the acquirement pie, it is unlikely that U.S. CPA firms would back up separating audit from nonaudit services. The firms' position has been that the expertise gained through greater admission to technology and the clients' businesses helps to deliver high-quality audits. Investors, on the other paw, worry almost audit firms shifting their focus abroad from core auditing responsibilities and the potential for conflicts of interest when earning large consulting fees from an inspect client.

The rise of consulting services is generally considered to have fundamentally inverse the culture of CPA firms. Gone are the days when nigh bookkeeping professionals are steeped in a strong ethics culture. Today, consulting and advisory services are being provided by experts who may or may not be CPAs. They are used to a competitive marketplace for such services and may be more willing to compromise on independence to gain lucrative consulting services.

By operationally splitting audit and nonaudit services, the firms would signal that they take their obligation to be independent in fact and appearance seriously, and that they recognize the importance of avoiding conflicts of interest when both services are provided to a customer. The public should await nix less.

Steven M. Mintz, PhD, CPA is professor emeritus of accounting at the Orfalea Higher of Business concern, California Polytechnic State Academy, San Luis Obispo, Calif. He is a member of The CPA Periodical Editorial Advisory Board.