How Do Auditors Maintain Independence?
What Protects Independence?
An independent mindset is important in driving audit quality and in satisfying the requirement for auditors to exercise due professional care in planning and performing the audit under auditing standards. Professional skepticism is a key component of due professional care, which involves a questioning mindset and a critical assessment of audit evidence. What are safeguards that incentivize audit firms and individual auditors to keep an independent mindset and perform high-quality audits? There are three key elements:
A Robust Regulatory Regime
Oversight of the External Auditor
A Robust Regulatory Regime
Regulatory auditor independence rules are strong and robust. They get complicated quickly. The “general rule” requires the following guiding principles to be considered as to whether a relationship with or service provided by an auditor:
Creates a mutual or conflicting interest with their audit client
Places them in the position of auditing their own work
Results in their acting as management or an employee of the audit client
Places them in a position of being an advocate for the audit client
In addition to these principles, a clear line is drawn between what is permitted and what is prohibited to mitigate potential conflicts of interest that could impede an auditor’s objectivity and impartiality. The following are key provisions of the SEC auditor independence rules:1
Relationships or services that create a mutual or conflicting interest between the auditor and the audited company are prohibited. Generally, auditors cannot have:
Investments in audit clients or other financial interests in audit clients, such as: loans/debts to or from audit clients, savings/checking accounts at an audit client in excess of FDIC insured amount, broker-dealer accounts at an audit client, consumer loans with an outstanding balance greater than $10,000 owed to an audit client, insurance policies issued by an audit client, a financial interest in an entity that is part of an investment company complex that includes an audit client.
There is a one-year cooling off period required before a company can hire certain individuals formerly employed by its auditor in a financial reporting oversight role. There are other restrictions for auditors when family members are employed by an audit client.
Audit firms may not have direct or material indirect business relationships with the company, its officers or directors that affect decision making or beneficial owners with significant influence.
Generally, these rules also apply to family members of auditors in many circumstances in order to guard independence.
Specific Prohibited Non-audit Services
Beyond the principles of the general rule, the following certain non-audit services are expressly prohibited under the SEC’s rules:
- Financial information systems design and implementation
- Appraisal or valuation services, fairness opinions, or contribution-in-kind reports
- Actuarial services
- Internal audit outsourcing services
- Management functions or human resources
- Broker-dealer, investment adviser, or investment banking services
- Legal services and expert services unrelated to the audit
There are other important requirements that support auditor independence, including (not all-inclusive):
- Partner rotation – the lead audit engagement partner and Engagement Quality Reviewer are required to rotate every five years.
- Contingent fees or commissions are not allowed.
- Affirmation – auditors must affirm compliance with SEC and PCAOB independence rules to audit committees.
Oversight of the External Auditor
Beyond strong, robust independence rules, there is oversight of the external auditor by the audit committee and the PCAOB. The Sarbanes-Oxley Act stipulates that the audit committee, not the Chief Executive Officer or Chief Financial Officer, has responsibility for the appointment, compensation, retention, and oversight of the company’s independent external auditor and must preapprove all non-audit and audit services provided. Placing responsibility to oversee, and compensate, the external auditor in the hands of the audit committee is a feature of the U.S. system designed to protect the independent work of auditors.
The audit committee is responsible for negotiating the level of fees (i.e., compensation) paid to the independent auditor. The PCAOB inspects audit firms, including overseeing compliance with independence regulations.
Within an audit firm, there are incentives for the audit engagement team to deliver a high-quality audit. Performance evaluations are driven by audit quality events – both positive and negative. This is a strong incentive for audit staff and partners. There are layers of review such that the engagement partner does not work in a silo. The Engagement Quality Reviewer is a second partner review and firms have specific required consultation protocols which necessitate national officer review of certain complex audit matters.
There are multiple market-driven incentives that further safeguard investors:
Reputation risk is the risk of damage to an audit firm’s or an individual auditor’s reputation. An impaired reputation impedes an audit firm’s ability to attract and retain clients as well as personnel, and it hurts the audit firm’s bottom line. For an individual auditor, a damaged reputation can hurt both advancement opportunities and job prospects.
Litigation risk exposes auditors to potential financial penalties, which are often significant. In the U.S., there are also rigorous private litigation mechanisms, such as the ability to bring class action lawsuits against an audit firm.
Regulatory risk is the threat of new regulation or other regulatory interventions that subject auditors to sanctions, which include fines, debarment brought by the SEC and/or the PCAOB, and, in some instances, criminal charges brought by the Department of Justice.
Combined with the professional and regulatory requirements that auditors must follow, these incentives reinforce public company auditor independence in the US.
Recent Amendments Strengthen SEC Rules
In 2021, the SEC amended certain of its rules to reflect changes in the business environment. These amendments did not in any way gut or weaken current SEC independence rules. They clarified certain terms and rules based on decades of experience of the SEC staff as a result of questions and consultations and enable the auditor and audit committee to focus on the most important independence matters.
For example, under the independence rules prior to the amendments, a public company audit firm could not audit a bank without triggering an independence violation if the auditor had a student loan from that bank, even if the loan was obtained prior to the auditor’s employment with the firm. The amended rules permit student loans provided the loans were not obtained while the professional was subject to the independence requirement.
Here’s an illustration:2
In conclusion, there are many safeguards that protect auditor independence. The robust US regulatory regime is just one piece. Oversight of the external auditor coupled with market-driven incentives provide confidence to investors in the system that works to maintain auditor independence.
- SEC independence rules are dictated by CFR 210.2-01(a) – (f), commonly referred to as Rule 2-01(a) – (f).
- More examples and details can be found at the CAQ’s Alert 2021-02, Amendments to SEC Independence Rules. In addition, see the CAQ’s publication, Value of the Audit: A Brief History and the Path Forward.
The Value of Auditor Independence
Independence underpins the very credibility of the audit and, ultimately, its value to capital markets. It is also one reason why audit quality in the US has never been higher. Learn more about how trust is built on auditor independence.