For over 50 years, observers have questioned whether auditors who provide consulting or other nonattest services to their clients can be independent, and regulators continue to grapple with the issue. (See H. B. Levy, “Unsolved Problems in Auditing: A Half-Century Retrospective and Update,” The CPA Journal, February 2016.) In addition, all auditors know that certain family relationships with a key client employee will impair their independence. But when has anyone ever challenged auditor independence based on an intimate or other close nonfamilial relationship?
On September 19, 2016, the SEC announced its first-ever enforcement actions for “auditor independence failures due to close personal relationships between auditors and client personnel,” according to Andrew J. Ceresney, director of the SEC’s Division of Enforcement. Furthermore, as told to this author by Michele Craig, technical manager of the AICPA’s Professional Ethics Division, the AICPA has not to this date sanctioned a member for having a close, nonfamilial relationship with a client that was deemed to impair independence.
Has the SEC awakened a sleeping giant?
The SEC’s Recent Actions
In the SEC’s recent actions, the firm of Ernst & Young agreed to pay $9.3 million (excluding amounts payable by individuals involved) to settle charges that two of its audit partners “got too close to their clients on a personal level” and violated auditor independence rules. In Ceresney’s words, Ernst & Young “did not do enough to detect or prevent these partners from getting too close to their clients and compromising their roles as independent auditors.” Facts in the two separate cases are detailed in Accounting and Auditing Enforcement Releases (AAER) 3802 and 3803 (Release Nos. 34-78872 and 34-78873, respectively) and are summarized as follows:
- In the first matter (AAER 3802), the senior partner assigned to an audit engagement, Gregory S. Bednar, was directed to improve the firm’s relationship with the client because it was a “troubled account.” Consequently, Bednar and the client company’s CFO exchanged hundreds of personal text messages, emails, and voicemails during the auditing periods investigated, stayed overnight at each other’s homes on multiple occasions, and traveled together with family members on overnight trips “with no valid business purpose.” Bednar also became friends with the CFO’s son and often treated both of them to sporting events and other gifts. Certain Ernst & Young partners became aware of Bednar’s excessive entertainment spending but took no action. The SEC concluded that Bednar had maintained an improperly close friendship with the client’s CFO.
- In the second matter (AAER 3803), an audit engagement partner, Pamela Hartford, maintained a “close personal and romantic” relationship with the client company’s CFO. The relationship was “marked by a high level of personal intimacy, affection, and friendship, near daily communications about personal and romantic matters, and the occasional exchange of gifts on holidays and birthdays.” (Hartford and the CFO lived in different cities and thus were not “spousal equivalents,” a term used in the independence rules, interpretations, and regulations.) Although they tried to keep their relationship a secret, several client employees observed their interactions sufficiently to raise suspicions about impropriety, and another Ernst & Young partner who was senior to Hartford on the audit became aware of facts suggesting the improper relationship but failed to perform a reasonable inquiry or raise concerns to Ernst & Young’s independence monitoring group.
In both matters, the SEC acknowledged that although Ernst & Young’s independence policies recognized that a nonfamilial close personal relationship such as those described above could present an independence problem, these policies and procedures (as well as the related training, controls, and reporting) were inadequate in that they did not mandate any specific inquiries, representations, internal consultations, or other procedures designed to identify and address such relationships.
What Do the Standards Say about Close Personal Relationships?
All U.S. quality control standards and regulations require that an audit firm’s quality controls include policies and procedures sufficient “to provide the firm with reasonable assurance that personnel maintain independence (in fact and in appearance)” from their audit and attest clients [PCAOB QC 20.09, the AICPA’s QC section 10.22, Rule 2-01(d)(3) of Regulation S-X, and Yellow Book (YB) 3.88]. But the independence standards that are widely applicable in the United States only touch upon personal relationships in indirect, brief, and somewhat subtle ways and are focused primarily on family relationships; they do not define “close personal relationships.”
For all SEC issuers, Rule 2-01(b) of Regulation S-X (17 CFR section 210.2-01) provides the long-established general standard for auditor independence, which all auditors must meet even if their conduct does not fall within the scope of one of the specific prohibitions in Rule 2-01(c). Under the general standard, an accountant is not independent if “a reasonable investor with knowledge of all relevant facts and circumstances would conclude that the accountant is not capable of exercising objective and impartial judgment on all issues encompassed within the accountant’s engagement.” This is the primary basis for the SEC’s conclusions in the matters discussed above.
In recent years, the primary guiding literature of the AICPA on auditor independence has moved from a rules-based to a principles-based approach with the introduction of an “independence conceptual framework” (ICF) (ET section 1.210.010) to the successor provision of Rule 101 (ET section 1.200) of the AICPA’s Code of Professional Conduct. The ICF is to be used by auditors to help them identify, evaluate the acceptability of (before and after considering the effectiveness of safeguards), and resolve “threats” to independence that are not expressly designated in the rules and interpretations as impairments. The underlying principle of the ICF is a variation of the general standard—that is, that a threat to an auditor’s independence can be at an acceptable level only when one can comfortably conclude that “a reasonable and informed third party who is aware of the relevant information would perceive that the member’s professional judgment is not compromised” (ET section 1.210.010.07).
Under the principles-based ICF, the identification of a threat, even when initially assessed as unacceptable, often does not result in a conclusion that independence is impaired. Rather, the door is opened for the mitigation of its significance and reduction of the threat to an acceptable level through the application of safeguards to the extent necessary to enable a conclusion that can be deemed consistent with the underlying principle of the ICF. Only when an immediate family member (as defined in ET section 0400.19) is employed by a client in a “key position” (as defined in ET section 0400.27) is such mitigation disallowed. Unfortunately, the process requires careful exercise of objective judgment and leaves auditors open to the risk of being second-guessed by adversarial regulators or litigators and accused of self-serving rationalization.
The familiarity threat is defined in the ICF as the threat of becoming “too sympathetic to the client’s interests or too accepting of the client’s work or product” due to a “long or close relationship” with the client (ET section 1.210.010.14). The only other direct reference to close, nonfamilial relationships in the portion of the Code of Professional Conduct that relates to independence is to a close friend employed by the client, which appears in an example of a familiarity threat set forth in the ICF. Similar examples are set forth by the General Accounting Office for audits conducted in accordance with Generally Accepted Government Auditing Standards, with one notable addition being “accepting gifts or preferential treatment from an audited entity, unless the value is trivial or inconsequential” (Yellow Book, Appendix I, para. 3-06).
Lessons to Be Learned
The principal lesson to be taken from the SEC’s recent enforcement activities is that audit firms should implement more robust policies and procedures that provide a working definition of “close personal relationships” and enable the firms to obtain reasonable assurance that such relationships with client personnel in key positions are avoided or that related threats are identified and addressed through proper application of effective safeguards. Mandated procedures should include staff communications and training, client inquiries and representations, periodic certifications, timely disclosures of close relationships by partners and staff to—and consultations with—persons with the authority to resolve independence issues, and timely monitoring of compliance. Policies should include limits on the value and frequency of gifts, meals, and entertainment provided to or received from a client.
In addition, this author recommends that firms include in their enhanced policies guidance that describes the characteristics of close personal relationships with client personnel (such as intimacy) that are deemed so excessive as to be prohibited by the firm (i.e., when no safeguards are sufficiently effective to reduce the independence threat to an acceptable level). Furthermore, evaluation and approval of proposed safeguards by a competent individual not otherwise connected to the client or the engagement should be mandated.
A secondary lesson should be that an audit firm’s independence policies, training, and communications should suitably emphasize to all professionals the fact that no mitigating safeguards will be deemed sufficient to reduce a threat to an acceptable level unless the approving party is comfortably persuaded that “a reasonable and informed third party who is aware of the relevant information would perceive that the member’s professional judgment is not compromised.”