On July 30, 2002, President Bush signed into law the Sarbanes-Oxley Act of 2002. The
Act-which applies in general to publicly held companies and their audit
firms-dramatically affects the accounting profession and impacts not just the largest
accounting firms, but any CPA actively working as an auditor of, or for, a publicly
traded company. The basic implications of the Act for accountants are summarized
Public Company Accounting Oversight
Board.Moving to a different private sector regulatory structure, a new Public
Company Accounting Oversight Board (the Board) will be appointed and overseen by the
SEC. The Board, made up of five full-time members, will oversee and investigate the
audits and auditors of public companies, and sanction both firms and individuals for
violations of laws, regulations and rules.
Board Composition.Two of the five
Board members must be or must have been CPAs. The remaining three must not be and
cannot have been CPAs. The Chair may be held by one of the CPA members, but he or
she must not have practiced accounting during the five years preceding his/her
Funding. The Board will be funded by
public companies through mandatory fees. Accounting firms that audit public
companies must register with the Board ("registered firm"), and pay registration
and annual fees.
Standard Setting. The Board will
issue standards or adopt standards set by other groups or organizations, for audit
firm quality controls for the audits of public companies. These standards include:
auditing and related attestation, quality control, ethics, independence and "other
standards necessary to protect the public interest." The Board has the authority to
set and enforce audit and quality control standards for public company audits.
Investigative and Disciplinary
Authority. The Board is empowered to regularly inspect registered accounting
firms' operations and will investigate potential violations of securities laws,
standards, competency and conduct. Sanctions may be imposed for non-cooperation,
violations, or failure to supervise a partner or employee in a registered
accounting firm. These include revocation or suspension of an accounting firm's
registration, prohibition from auditing public companies, and imposition of civil
penalties. During investigations, the Board can require testimony or document
production from the registered accounting firm, or request information from
relevant persons outside the firm. Investigations can be referred to the SEC, or
with the SEC's approval, to the Department of Justice, state attorneys general or
state boards of accountancy under certain circumstances.
Authority. Foreign accounting firms that "prepare or furnish" an audit
report involving U.S. registrants will be subject to the authority of the Board.
Additionally, if a registered U.S. accounting firm relies on the opinion of a
foreign accounting firm, the foreign firm's audit workpapers must be supplied upon
request to the Board or the Commission.
New Roles for Audit Committees and
Auditors. The relationship between accounting firms and their publicly held
audit clients is different under the new law. The basic implications are outlined
Auditors Report to Audit Committee.
Now, auditors will report to and be overseen by a company's audit committee, not
Audit Committees Must Approve All
Services. Audit committees must preapprove all services (both audit and
non-audit services not specifically prohibited) provided by its auditor.
Auditor Must Report New Information to Audit
Committee. This information includes: critical accounting policies and
practices to be used, alternative treatments of financial information within GAAP
that have been discussed with management, accounting disagreements between the
auditor and management, and other relevant communications between the auditor and
Offering Specified Non-Audit Services
Prohibited. The new law statutorily prohibits auditors from offering certain
non-audit services to audit clients. These services include: bookkeeping,
information systems design and implementation, appraisals or valuation services,
actuarial services, internal audits, management and human resources services,
broker/dealer and investment banking services, legal or expert services unrelated
to audit services and other services the board determines by rule to be
impermissible. Other nonaudit services not banned are allowed if preapproved by the
Audit Partner Rotation. The lead
audit partner and audit review partner must be rotated every five years on public
Employment Implications. An
accounting firm will not be able to provide audit services to a public company if
one of that company's top officials (CEO, Controller, CFO, Chief Accounting
Officer, etc.) was employed by the firm and worked on the company's audit during
the previous year.
Criminal Penalties and Protection for
Whistleblowers. The law creates tough penalties for those who destroy records,
commit securities fraud and fail to report fraud.
Failure to Maintain Workpapers. It is
now a felony with penalties of up to 10 years to willfully fail to maintain "all
audit or review workpapers" for at least five years. The SEC will establish a rule
covering the retention of audit records and the Board will issue standards that
compel auditors to keep other documentation for seven years.
Document Destruction. It is a felony
with penalties of up to 20 years to destroy documents in a federal or bankruptcy
Securities Fraud.Criminal penalties
for securities fraud have been increased to 25 years.
Fraud Discovery. The statute of
limitations for the discovery of fraud is extended to two years from the date of
discovery and five years after the act. It was previously one year from discovery
and three from the act.
Other provisions protect corporate whistleblowers, ban personal loans to
executives, and prohibit insider trading during blackout periods.
Financial Reporting and Auditing Process
Additions. Issuers of public stock and their auditors must now follow new rules
and procedures in connection with the financial reporting and auditing
Second Partner Review and Approval of Audit
Reports. The new regulatory board will issue or adopt standards requiring
auditors to have a thorough second partner review and approval of every public
company audit report.
Management Assessment of Internal
Controls. Management must now assess and make representations about the
effectiveness of the internal control structure and procedures of the issuer for
Audit Reports Must Contain Description of
Internal Controls Testing. The new regulatory board will also issue or adopt
standards that will require every audit report to attest to the assessment made by
management on the company's internal control structures, including a specific
notation about any significant defects or material noncompliance found on the basis
of such testing.
Areas for CPAs to Watch. The
ramifications of some of the provisions in the Sarbanes-Oxley Act will become known
only as the SEC and the new Public Company Accounting Oversight Board begin
implementing the bill.
Consulting Services. The Act lists
eight types of services that are "unlawful" if provided to a publicly held company
by its auditor: bookkeeping, information systems design and implementation,
appraisals or valuation services, actuarial services, internal audits, management
and human resources services, broker/dealer and investment banking services, and
legal or expert services related to audit services. It also has one catch-all
category authorizing the board to determine by regulation any service it wishes to
prohibit. Other non-audit services-including tax services-require pre-approval by
the audit committee. Pre-approved non-audit services must be disclosed to investors
in periodic reports.
Implications for CPAs with Tax
Practices. "Expert" services are not defined in the Act and we do not know
how broadly the board or the SEC will define this term. It is conceivable that some
tax services we view as traditional may be construed as "expert" services, and not
permitted by any firm providing audit services to publicly held audit clients. We
will encourage the Board or the SEC to understand the importance of auditors
providing tax services for publicly held audit clients. In addition, tax services
performed by an auditor for a publicly held company would require pre-approval by
the client's audit committee.
Cascade Effect. Of particular concern
is the cascade effect that the scope of services restrictions could have on small
businesses and accounting firms. Our major concern is that the new legislation by
Congress may become the template for parallel federal and state legislative or rule
changes that directly affect both non-public companies that are subject to other
regulations and the CPAs that provide services to them. The AICPA and the state CPA
societies are monitoring this situation closely and will continue to keep you
- Additional Burdens for CPAs in Business
and Industry. CPAs working in the financial management areas of public
companies are directly impacted by the Act. These CPAs need to be aware of the new
responsibilities of CEOs and CFOs, who are now required to certify company financial
statements. They also have a greater duty to communicate and coordinate with
corporate audit committees that are now responsible for hiring, compensating and
overseeing the independent auditors. There are new requirements regarding enhanced
financial disclosures as well. The AICPA is working to develop additional resources
specifically tailored for members in corporate practice as they implement these new
We know you care about your company and want to stay on top of
everything that affects it. Employee incentive programs can have great
impact. We can help - contact
us today to learn more.