The results of Protiviti’s survey of Sarbanes-Oxley compliance are out. The report has a few “mom and apple pie moments” given that Protiviti is in the business of providing risk assessment and advisory services as well as internal audit co-sourcing and outsourcing services to public and private companies, large and small.
That’s ok. I like seeing viable alternatives to the Big Four audit firms – the firms whose primary focus should be external auditing not growing their consulting businesses. Again.
by James L. Kroeker, Chief Accountant, Office of the Chief Accountant, U.S. Securities and Exchange Commission on December 6, 2010 (Emphasis is mine.)
In vesting in the accounting profession such an important public trust, a system predicated upon auditors adhering to strong standards to ensure that financial statements are properly presented is crucial. Accountants should not take their position for granted; the role that auditors play was not put in place without considering the alternatives.
Just as I encourage auditors to stand firm and to maintain quality and credibility in their audit work, I also encourage leaders of audit firms to ensure that the audit is never again treated like a commodity. The auditing function should be the very soul of the public accounting profession – never again as a foot in the door for higher-fees related to services from their multidisciplinary firm.
The public – and those who act in the public’s behalf, such as the Commission – need to be assured that audit firms will continue to make the necessary investments over time to ensure that audit quality is not compromised, and that auditor performance will continue to meet public expectations. While I have heard recently about the rebuilding of the consultancy practices within large accounting firms, I trust that the profession will not need to re-learn lessons of the past on the serious, adverse effects of under-investing in the quality or failing to strictly maintain the independence of their audit process. I am likewise hopeful that if significant investments are being made to pursue other lines of business within a “multi-disciplinary” firm, the potential impact on public trust and public perception of the audit practice is being considered.
I interviewed Protiviti Executive Vice President Bob Hirth in January as they rolled out the survey. The Protiviti report had a few surprises for me – well, maybe not – about who’s doing the work of Sarbanes-Oxley within companies.
For the most part it’s still internal audit.
I asked Richard Chambers, the CEO of the Institute of Internal Auditors (IIA), an international professional association for internal auditors in industry and in the firms, what he thought of that:
“While nothing about that contravenes our professional standards, the best role for Internal Audit to play in Sarbanes-Oxley compliance initiatives is to provide overall assurance on the effectiveness of the organization’s documentation and testing of internal controls and Section 302 certification process, rather than to be down in the weeds doing the actual documentation and testing of controls instead of management.”
Truly surprising was that the authors of the Protiviti report had to warn some small company responders that outsourcing Sarbanes-Oxley to the external auditors is a no-no.
I wrote about the survey last week at Forbes.com. You can find that story and additional comments and quotes here.
Protiviti has a nice webinar on their site that goes though their whole report.
Download the survey report here.