Question

Sarbanes–Oxley Act Compliance
As a Certified Public Accountant (CPA), Certified Internal Auditor (CIA), and Certified Information Systems Auditor (CISA) you have been asked to perform an audit of company records in support of the Attest function to verify the annual statements. The inventory balances from the computerized system are reported to be $121 million, but reports from field auditors show that balances are severely overstated. In discussions with employees and managers, you find some overlap in functions with certain personnel authorized to perform functions in other departments.
Also, several personnel have not taken vacations in over three years. In compliance with the Sarbanes–Oxley Act of 2002, what would be your approach for the audit assignments:

1. In no more than 750 words discuss what application tests might you perform? Why?

Answer 1

The Sarbanes-Oxley Act of 2002 mandates that audit committees be directly responsible for the oversight of the engagement of the company's independent auditor, and the Securities and Exchange Commission (the Commission) rules are designed to ensure that auditors are independent of their audit clients. The purpose of this brochure is to highlight certain Commission rules and other authoritative pronouncements relevant to audit committee oversight responsibilities regarding the auditor's independence. More information on this topic is available in the Commission's rules and on the Commission's web site at www.sec.gov/about/offices/oca/ocaprof.htm.

Audit committees should also be aware that the PCAOB has Ethics and Independence Rules Concerning Independence, Tax Services, and Contingent Fees.

General Standard of Auditor Independence

The Commission's general standard of auditor independence is that an auditor's independence is impaired if the auditor is not, or a reasonable investor with knowledge of all the facts and circumstances would conclude that the auditor is not, capable of exercising objective and impartial judgment on all issues encompassed within the audit engagement. To determine whether an auditor is independent under this standard an audit committee needs to consider all of the relationships between the auditor and the company, the company's management and directors, not just those relationships related to reports filed with the Commission. The audit committee should consider whether a relationship with or service provided by an auditor:

(a) creates a mutual or conflicting interest with their audit client;
(b) places them in the position of auditing their own work;
(c) results in their acting as management or an employee of the audit client; or
(d) places them in a position of being an advocate for the audit client.

The Commission rules also address specific auditor independence issues, some of which are:

Specific Prohibited Non-audit Services

The auditor is prohibited from providing the following non-audit services to an audit client including its affiliates:

• Bookkeeping
• Financial information systems design and implementation
• Appraisal or valuation services, fairness opinions, or contribution-in-kind reports
• Actuarial services
• Internal audit outsourcing services
• Management functions or human resources
• Broker-dealer, investment adviser, or investment banking services
• Legal services and expert services unrelated to the audit

In addition to the specific prohibited services, audit committees should consider whether any service provided by the audit firm may impair the firm's independence in fact or appearance.

Pre-approval of Permitted Services

Subject to certain limited exceptions, the audit committee must pre-approve all permitted services provided by the independent auditor (i.e., tax services, comfort letters, statutory audits or other). The Commission rules include certain pre-approval requirements that the audit committee must follow. In addition, the audit committee should be informed about the services expected to be provided by the audit firm to understand whether the audit firm's independence will be impaired.

The audit committee should consider whether company policies and procedures require that all audit and non-audit services are brought before the committee for pre-approval.

Also, listing company standards require audit committees to pre-approve all audit, review and attest services regardless of whether the firm performing the services is the company's principal auditor.

Prohibited Relationships

Certain relationships between audit firms and the companies they audit are not permitted. These include:

• Employment relationships. A one-year cooling off period is required before a company can hire certain individuals formerly employed by its auditor in a financial reporting oversight role. The audit committee should also consider whether the hiring of personnel that are or were formerly employed by the audit firm might affect the audit firm's independence.
  
• Contingent Fees. Audit committees should not approve engagements that remunerate an independent auditor on a contingent fee or a commission basis. Such remuneration is considered to impair the auditor's independence.
  
• Direct or material indirect business relationships. Audit firms may not have any direct or material indirect business relationships with the company, its officers, directors or significant shareholders. Thus, audit committees should consider whether the company has implemented processes that identify such prohibited relationships.
  
• Certain Financial Relationships. Audit committees should be aware that certain financial relationships between the company and the independent auditor are prohibited. These include creditor/ debtor relationships, banking, broker-dealer, futures commission merchant accounts, insurance products and interests in investment companies.

Communications Between the Audit Committee and the Independent Auditor

Independence Standards Board Standard No. 1 requires that the auditor disclose to the audit committee in writing all relationships between the audit firm and the company that may reasonably be thought to bear on the audit firm's independence. Standard No. 1 also requires the auditor to confirm and discuss its independence with the audit committee. The audit committee should consider discussing the following issues with the auditor in regards to the firm's independence disclosure:

• Processes the audit firm uses to ensure complete disclosure of all relationships with the company and its affiliates
• Relationships the audit firm may have with officers, board members and significant shareholders
• Relationships not included in the communication because they were deemed immaterial

Change of Independent Auditors

The auditor generally must be independent for the entire engagement period and the period covered by the financial statements being audited. Once this relationship is terminated, there is no continuing requirement for the auditor to remain independent. The auditor may generally re-issue its former opinions on the company's financial statements. However, if a restatement of the financial statements becomes necessary, the auditor must be independent to audit the restatement adjustments and re-issue its opinion. Further, if the Board is contemplating or plans a change in auditors, the audit committee must consider whether the prospective firm will be independent during the audit engagement period. That is, the prospective firm must cease all prohibited services and/or sever all prohibited relationships with the issuer prior to the beginning of the audit engagement period. Therefore, the audit committee should consider these issues before hiring a predecessor auditor or a prospective auditor to provide non-audit services to the company or its affiliates. Prospective firms can not audit financial statements of years that they were not independent.

Addressing Independence Issues

The audit committee should discuss and thoroughly investigate any potential independence impairments or issues. The audit committee should also consider seeking guidance from legal counsel, the auditor and the Office of the Chief Accountant (OCA).