About the Panelists
The panel featured Catherine Allen, CPA, ethics consultant and also a founder of Audit Conduct; Brian Lynch, CPA, risk management and independence partner at EY LLP; and Lisa Snyder, CPA, CGMA, national assurance managing partner for independence at BDO. Thomas Ray, CPA, distinguished lecturer in the accounting department at Baruch College, New York, N.Y., and founder of Audit Conduct, moderated the panel. The following is an edited and condensed summary of the panel discussion. The views expressed are the panelists’ own personal views and not necessarily those of their employers or those employers’ boards, management, or staff.
* * *
The panel began with Snyder giving a primer on the International Ethics Standards Board for Accountants (IESBA), which sets ethics standards under the International Federation of Accountants (IFAC). She noted that member organizations of IFAC, such as the AICPA, are not allowed to have less restrictive ethics codes than the IESBA’s; therefore, the AICPA’s Professional Ethics Executive Committee (PEEC) is obligated to pay attention to and converge with that code as much as possible. She cited a number of standards in the AICPA’s Code of Professional Conduct that come from IESBA, such as the noncompliance with laws and regulations (NOCLAR) rule.
Snyder then turned to independence and ethics as they relate to nonaudit services. She noted that the IESBA is meeting currently on the subject and seems to be moving in a “more restrictive” direction. “It seems they’re taking an approach where, if there are self-review threats created, they are thinking of prohibiting the service for public interest entities, regardless of materiality,” she said. Snyder also said that this move may extend to nonpublic entities as well, although Allen added that, based on her observation of an IESBA meeting the day before, it is unlikely to go so far.
Ray then asked whether IESBA would place limits on audit fees. “The AICPA is subject to antitrust laws,” Snyder noted. “And usually when it comes to issues of fees, that’s an area that historically we’ve stayed away from because we have been challenged by the FTC in the past.” Snyder then discussed an IESBA project that investigated the relationship, if any, between fees and audit quality: “And at the end of the day, I think we concluded that there really wasn’t anything to say there was an issue.” IESBA has nonetheless begun looking into some aspects of the issue. Areas of investigation include whether the level of fees charged is enough to make sure auditors exercise due care, the responsibility accountants who engage auditors have in determining that fees are adequate, and whether auditors are dependent on the fees from a single client.
Snyder touched on fee dependency, noting that the AICPA had struggled with the issue. “When you go from a small firm environment to a large firm environment, determining the materiality or significance is really challenging,” he said. “It’s easy to say at a large firm that no client is going to reach 15% of the revenues. But a small firm, especially a firm that’s starting out, certainly can have that.” Snyder and Allen both referred to the nonauthorative Plain English Guide to Independence that provides useful guidance on the subject, especially for small firms.
Lastly, Snyder covered the IESBA’s efforts around professional skepticism, noting that perceptions of the definition of the term differ among standards setters. In addition, she said, “there was quite a debate as to whether professional skepticism should be limited to the audit world or should be possessed by accountants in business and nonauditors. Accountants in business felt that they should also exercise professional skepticism, but everyone somewhat agreed that there should be scalability; maybe the definition used in the audit world is not the same that should be used for other professional accountants.”
Snyder also said that, due to comments from various roundtable discussions with regulators and investors, the project has been renamed from “Professional Skepticism” to “Role and Mindset of Professional Accountants.” “I think they’re heading now toward just coming up with application guidance within the code that talks about the appropriate role, mindset, and behavioral characteristics expected of all professional accountants,” she said. “They really have stepped back.”
Ray then invited the panel to speak on the PEEC’s efforts to converge with the IESBA’s standards. Lynch began with the “long association” project, an examination of partner rotation rules. The project’s initial goal was to provide further guidance on the subject, but after releasing an exposure draft of a new interpretation of the rules and reviewing the comments, instead adopted the guidance in the form of frequently asked questions (FAQ) documents on the AICPA’s website. “We weren’t trying to adopt a new rule,” Lynch said, “and we don’t want to put out interpretations that just say, ‘here’s how you apply the conceptual framework.’” The FAQs cover identifying and evaluating threats to independence caused by long partner associations, as well as safeguards to implement in the event those threats are significant.
Snyder added that, during the comment period, she had heard concerns that partner rotation would be considered a de facto standard rather than one possible safeguard. “That’s impossible to apply in a small firm environment, where you don’t have numerous partners with expertise in a particular industry.”
Snyder also detailed a project regarding how having a lease with a client affects independence. Previous guidance had differed based on whether the lease was capital or operating, but with FASB’s new leasing standard eliminating that distinction, new guidance was needed. That guidance, she said, “focuses on the covered members or the individuals on the attest engagement team who could influence the engagement and the firm itself.” The guidance says that such leases impair independence unless certain conditions are met, provides for how to handle both existing and new leases, and recommends an evaluation in all cases, regardless of conditions.
Allen then covered the PEEC’s work on information technology. She began with a new standard on firms providing hosting services for client data and records, both financial and nonfinancial. “You’re trying to avoid being the sole source of the client’s data,” she said. This standard goes into effect in July 2019, and practitioners have questions about keeping clients’ books on cloud-based technology. Allen said that the committee is working on FAQs to address these concerns.
The PEEC’s other IT project, Allen said, revolves around firms providing information systems services to clients. Currently in the proposal stage, it sets requirements for implementation, postimplementation, and maintenance activities regarding such services. “The committee is trying to make sure that they address all of those issues satisfactorily before issuing a final standard,” she said, giving a tentative date of sometime in 2019.
Snyder noted that one issue the PEEC is struggling with is the definition of a “financial information system.” “The definition we came up with was very broad,” she said, adding, “It is difficult trying to determine whether a system does not impact the financial statements, since almost everything indirectly could.”
Ray then asked Lynch to cover independence at the state and local government level. First on the list was a project to update the interpretation and definition for affiliates, the current version of which Lynch characterized as “hopelessly outdated.” The PEEC released a proposal for comment in 2017, and plans to release a reorganized, simplified version for more comment in 2019. “Essentially, it takes the current standard, which just says you have to be independent of the entries that are included in your audit opinion, and adds three categories of entities that we think should be subject to independence restrictions,” he said. These categories are entities included in the financial statements but not the audit opinion; entities that should be in the financial statements but are not, departing from GAAP; and material investments made by governmental entities.
Next, Lynch discussed convergence with the IESBA’s noncompliance with laws and regulations (NOCLAR) rules. An interpretation published in 2017 urges auditors to alert clients to any potential NOCLAR, going as high as management or the board of directors and even resigning from the client if necessary, but it does not allow alerting a third party, such as law enforcement or a regulatory authority. “Our standard did not allow them to go around our client confidentiality rules and be able to talk to third parties about those things … because client confidentiality is built into the state laws and regulations governing the profession,” he explained, “and for the AICPA to adopt something that allowed or required a member to violate their state laws and potentially lose their license, we didn’t think that would be appropriate.”
Although several commenters thought that there should be an exception to client confidentiality in this case, Lynch said the committee would not reconsider the matter without the cooperation of state governments. “We started a larger process now working with NASBA to try and figure out if there is a state-level solution, to get the states onboard to say that there may be instances here where it really is in the public interest for our members to be able to say something. There needs to be a right to do so within the state laws and hopefully some form of whistleblower protection,” he said.
Finally, Ray asked Snyder to cover staff augmentation, or the lending of staff to a client to assist with or provide nonattest services, tax services, or bookkeeping. While the SEC and AICPA both prohibit this activity in the United States, it is common in other countries, prompting an effort at convergence. “The position we’ve taken is very similar to what IESBA has taken,” she said. “You can provide these types of arrangements, but there need to be certain safeguards in place. You still need to have the general requirements for all nonaudit services within the arrangements. So, for example, you cannot perform any management functions for the client, and you can only provide services that would be permitted under the nonattest services rules.” The engagement must also be “for a short period of time,” and firms need to avoid “the appearance of acting as an employee.”
Next, Ray turned to Allen for an update on PCAOB inspections. After noting that the current upheaval at the PCAOB has led to the information she has being less current than she would like, Allen said that there was a “slight dip in deficiencies” from auditors of broker-dealers. “Broker-dealer auditors are finally realizing they cannot help keep the books and records,” she said. In addition, formal inspections of other issuers have turned up “a lot of the independence deficiencies we’ve seen in the past.” This includes indemnification agreements that shouldn’t be in an SEC audit engagement or tax services provided to clients, which must be documented and discussed with the audit committee.
“Broker-dealer auditors are finally realizing they cannot help keep the books and records,” Allen said.
Finally, Ray commented on several enforcement actions. The first dealt with a firm that did not monitor closely enough the nonaudit services that a foreign affiliate was providing to clients. Another involved an audit partner and senior manager lacking experience in the industry of the company they were monitoring, which led them to fail to find a material misstatement in the financial statements. In the third, an audit partner had a close personal relationship with the clients, about which other partners had evidence that should have led them to believe there was an independence problem but did nothing about it. Each case, he said, involved neglect of principles of professional conduct.
“The principles of professional conduct say you’ve got to adhere to both the requirements as well as the spirit of our technical and professional standards,” Ray commented. “And it seems to me that if you see evidence of a breach of an ethical principle, particularly independence by one of your colleagues and you don’t say anything, you’re subordinating your judgment in that case.”
Allen noted that, in the third case, the SEC relied on the general standard of the “reasonable third party” rather than an explicit prohibition within any regulatory standard. “It’s a very subjective standard,” she said. Ray noted that the same standard is in the AICPA Code of Professional Conduct.
Allen also covered release of the new AICPA Yellow Book, which syncs up the AICPA’s standards on independence with the GAO’s. She reminded the audience about the new requirements in this edition and cautioned them to “evaluate threats, apply safeguards, and get documentation into your workpapers.”