Back in February, I reminded you of the good things about the Sarbanes-Oxley Act.
“When the Sarbanes-Oxley Act was passed in the summer of 2002, largely as a rushed reaction to Enron, it did get a few key things right. Notwithstanding the long debate we’ve had about cost/benefit or why it didn’t prevent the subprime crisis or large frauds such as Satyam and Madoff, both of which are derivative discussions for later, there were a few important changes that still make a difference.”
Section 201-209 had a significant impact on the audit firms because it prohibited auditors from providing certain other services to their audit clients. This change was the result of a long simmering debate about auditor independence but made possible, finally, by the ‘cornered-the-market” behavior of Arthur Andersen as auditor, internal auditor, and chief consultant for Enron.
From the Wall Street Journal in February of 2002:
“…The push to outsource oversight of Enron’s internal-audit function came out of discussions from Enron’s audit committee in the early 1990s, according to depositions. Robert K. Jaedicke, the audit committee’s longtime chairman and former dean of Stanford University’s Graduate School of Business, favored the idea of an “integrated audit,” Mr. Hooten said in his deposition.
Mr. Jaedicke’s attorney, W. Neil Eggleston, said in an interview that Mr. Jaedicke agreed that outsourcing oversight of Enron’s internal-audit function, where Andersen auditors reviewed checks and balances, was a good idea because Andersen’s expertise would provide more “real-time analysis” of whether Enron’s controls were effective.
Andersen had a clear leg up in winning the business. Since 1986, Andersen had been auditor of Enron and its predecessor company. Jack Tompkins, who had headed Andersen’s Houston office for years, was Enron’s chief information and accounting officer during the early 1990s when the contract was being pursued.
The Enron outsourcing business was a big prize. Andersen’s original proposal included a five-year guaranteed contract, $18 million in net fees for Andersen and “value-billing opportunities” of as many as 44,400 guaranteed consulting hours, as well as potential savings for Enron of $12 million over five years, according to a deposition by Michael L. Bennett, Andersen’s world-wide head of assurance and business advisory.
Once it won the contract, rather than physically separate internal and external auditors working at Enron to prevent conflicts of interest, Andersen encouraged a “culturization” of the work teams, bringing the auditors together on the same floor at Enron, Mr. Bennett said in the deposition.”
The US-based academics mentioned in my February post used the same arguments as were made to sell Andersen as an internal audit outsourcing vendor to Enron. They suggested that rolling back the prohibition on auditors also acting as internal auditors of their clients might be better for us:
1) More efficient and effective teams given the external auditors’ extensive knowledge of their clients. The study actually contends, “the knowledge of a company that an external auditor gains from internal auditing lowered the chances of publishing misleading or fraudulent financial results.”
2) Cost savings to client (via leverage over auditor re: fees) from combining the teams and gaining “synergies” from having same firm do both.
3) Promotion of a “consultative” approach that would benefit both client and vendor. In fact, I reported in February that the audit firms were rolling their internal audit practices back into the external audit/assurance practices. No more pretending to be true “strategic” consulting/advisory teams. This is certainly more efficient and cost effective for the firms, especially if they can use the same staff for both external and internal audit engagements.
If you thought the discussion was pure rhetoric, you were mistaken. KPMG (and PwC who also proposed on Rentokil but lost) has now rationalized, rhetoricized, and revisited the best practice based restrictions for their new client Rentokil. Rentokil is not listed on a US exchange and, therefore, not subject to the Sarbanes-Oxley restrictions. The UK, where Rentokil is listed, has a gentleman’s agreement with regard to auditor independence for non-audit services.
From a paper by Eleanor Dart of the Cardiff (UK) Business School:
“In 2004, the Auditing Practices Board issued ‘Ethical Standards for Auditors’ (updated in 2008). These standards are less permissive than previous guidelines and must be followed by all members of professional accounting bodies who engage in auditing activities. The standards include a 10% limit on audit firm income from any one listed company client, audit engagement partner rotation every 5 years and key audit personnel rotation every 7 years and compulsory withdrawal from the audit should any non-audit services supplied not be viewed as consistent with the objectives of the audit itself.
However, despite these developments, fundamental questions over auditors’ ability to live up to the service ideal of professional integrity still remain and there is much controversy over what can be done to ‘minimise the possibility of an Enron or WorldCom situation occurring’ (Reeves, 2002:4). Whilst it appears that ‘no single solution is a panacea’ (Reeves, 2002:4) for UK auditor independence concerns, interested parties have yet to agree upon important issues such as whether non-audit service provision should be prohibited or whether a system of mandatory audit firm rotation should be introduced. It is clear that further consideration may be needed to prevent future losses of confidence in auditor independence.”
The arguments for combining the external audit and internal audit activities under one provider repeat, not surprisingly, a familiar refrain. But they conveniently and completely ignore the lessons of the past. What’s different today is that journalists, corporate governance experts, and plaintiffs attorneys have longer memories:
Rentokil Initial has struck a cheaper, streamlined form of audit deal with KPMG that could be adopted by other companies but has raised eyebrows in the corporate governance world. Rentokil has shaved £1m, or almost a third, off its annual payments to its external and internal auditors, it disclosed in its interim statement on Friday…
KPMG said there was no conflict in its deal with Rentokil and that it was conscious of the rule.
“Conceptually, doing internal audit isn’t a conflict in itself, only if you get involved in the wider aspects such as management – which we are not,” said Oliver Tant, head of audit for KPMG UK.
“Companies are aware today of the importance of good assurance yet at the same time, they’ve got to look at costs. There are ways you can do it more efficiently and effectively.”
KPMG’s pitch was helped by the history the audit team had in working previously with Alan Brown, Rentokil’s chief executive, when he was finance director at ICI. It was Mr Brown who initiated the discussions that led to the new arrangement.
Given the pressures on costs and the longstanding ties some finance, audit, and accounting executives have with the accounting firms, it is not surprising that the weakening of the independence commitment may come from the companies themselves. What’s the downside for them? The potential for scrutiny by corporate governance experts and journalists? You can’t argue with a recession. And in the event of an accounting scandal or restatement, plaintiff’s lawyers will have an uphill battle to penetrate the impenetrable auditor liability shields and caps.
I would hate to think, as Dennis Howlett has suggested, that this could become another lame excuse for repealing SOx/general deregulation of audit firms under the threat of companies decamping to more hospitable climates?
What’s lost in all of this discussion of efficiency and cost cutting?
Independence protects shareholder’s interests.
Fortunately, at least one important voice, the Institute of Internal Auditors (IIA) President and CEO Richard Chambers, has issued a strong statement “in response to recent suggestions that it may be time to revisit existing prohibitions on provision of internal audit services by the same firm responsible for the external audit in the U.S., as well as a recent high-profile instance of the practice in Europe.”
“Internal audit services should not be provided by the same accounting firm that audits the organization’s financial statements, as it would impair the independence of the external auditor. We have expressed this numerous times over the past two decades and we feel it’s important to re-emphasize this at a time in which the practice is potentially being reconsidered,” said IIA President and CEO Richard Chambers, CIA, CGAP, CCSA. “The SEC prohibits this practice by public companies listed in the U.S., but The IIA believes that even if allowed by law or statute, this practice – at a minimum – creates a perceived impairment of independence and erodes public trust.”
I could not have said it better myself.
In addition, KPMG and Rentokil must realize that KPMG’s internal audit practice and Rentokil’s internal audit function will no longer be able to say they comply with IIA standards. May not seem like a big thing to you but, to internal auditors, it’s the heart and soul of being a “professional.”
Main page image source