Evaluating internal controls and auditor independence under Sarbanes-Oxley.
| Author | Munter, Paul |
| Position | Audit |
The issue of auditor independence has been in the spotlight for much of the past three years. Even before Enron Corp. and WorldCom Inc., the Securities and Exchange Commission (SEC) initiated major rule-making efforts focused in this area. The efforts resulted in significant modifications to its auditor independence rules, including severe restrictions on many non-audit services that an audit firm could provide to its audit clients.
However, those reforms have proven insufficient, as evidenced by the requirements of the Sarbanes-Oxley Act of 2002. It's important to note that of Sarbanes-Oxley's numerous requirements, two relate to auditor independence and assessment of the effectiveness of internal controls.
Title II of Sarbanes-Oxley directs the SEC to undertake additional rule-making on auditor independence. In particular, it specifies that an auditor is legally prohibited from providing certain non-audit services to its audit clients, among which are internal audit outsourcing and information technology design and implementation.
The performance by an auditor of any of these functions for an audit client renders the auditor no longer independent with respect to that audit client and, thus, unable to issue an audit opinion on the company's financial statements.
As audit firms and audit clients implement these requirements, there are two additional considerations that play into the decision-making process. The first is the modifying condition that exists with respect to these prohibited services. The second is the concept that an auditor can "assist but not do."
Regarding the prohibited services: the SEC determined that an auditor could provide these services to an audit client where it is reasonable to conclude that the service will not be subject to audit procedures. While these are important concepts, they are difficult to implement, and recent anecdotal evidence indicates that they are not well understood.
So, what is 'reasonable to conclude?'
The SEC's auditor independence release notes that the auditor independence rules are based on three underlying principles: 1) an auditor should not audit his/her own work; 2) an auditor should not act in the role of management; and 3) an auditor should not serve as an advocate for his/her client.
Clearly, the provision of internal audit outsourcing and information technology design and implementation violate the first two principles. However, if those services will not be subject to audit, then...
To continue reading
Request your trialCOPYRIGHT GALE, Cengage Learning. All rights reserved.
