Audit do's and audit don'ts

The right policies can help your firm manage audit risk

Arthur Andersen's shredding of documents relating to the Enron audit may be the poster child for what not to do when it comes to document retention policies.

As a result of the premature shredding of documents relating to the audit of the infamous energy company whose deceptive accounting practices destroyed more than $11 billion in shareholder value, Andersen was convicted of obstruction of justice and prohibited from auditing further American clients by the Securities and Exchange Commission. The Enron scandal drastically reduced Andersen's credibility internationally, ultimately forcing the firm to dissolve.

How does a firm avoid this fate? A few preventative maintenance and risk management measures can help protect an accounting firm in the event of a corporate scandal.

1. Do not adopt principles that ultimately render financial statements misleading. A company's financial statements are useless if they are misleading. According to the American Institute of CPAs, it is generally assumed that adherence to officially established accounting principles results in financial statements that are not misleading.

However, AICPA Rule 203.02 states that because there are certain instances in which "the literal application of pronouncements on accounting principles would have the effect of rendering financial statements misleading ... the proper accounting treatment is that which will render the financial statements not misleading." In general, GAAP should be employed during audits, but rigid adherence should not be maintained when doing so would distort the true meaning of the financial statements.

2. Implement an explicit documentation, document retention and destruction policy. The Rules of the New York State Board of Regents, Section 29.10, require accountants to prepare their work product in such a fashion that another accountant or auditor who is unrelated to the project can understand how specific results were achieved. Thus, an auditor reviewing an audit should not have to engage in guesswork or make any speculations as to how the auditing accountant performed the audit. Everything should be laid out plainly for a "reviewer with relevant knowledge and experience."

Andersen encountered trouble not only because it did not retain its auditing documents, but because it consciously destroyed important documents. Section 29.10 requires that accounting firms have a written policy regarding the retention of their work product. This policy must explicitly recite the authorization process for the destruction of work product, and at what time the work product may be destroyed. The Securities and Exchange Commission, through its adoption of Section 802 of the Sarbanes-Oxley Act, mandates that firms retain relevant documents containing conclusions regarding, and analyses of, audited financial statements.

Not only is this the law, it is sound policy for an accounting firm to have an unambiguous file retention policy. If an accounting firm performed an audit to the applicable standards, the auditing documentation will reflect that. This documentation can be made available to any federal investigative authorities, and generally demonstrates the appropriateness of an audit.

Although retaining work product verifies the basis for the audit, not all items necessarily need to be retained under a document retention policy. For example, certain irrelevant documents might be dispensed with, including duplicates of documents, insignificant voicemail messages, completed to-do lists, certain review notes, and superseded drafts of memoranda, financial statements or regulatory filings. However, if a firm becomes aware that a legal or disciplinary action might be taken, or is pending, the firm should immediately suspend the destruction of any documents.

3. Avoid conflicts of interest. An accounting firm that performs audits must be independent. For example, New York's Regents Rule Section 29.10 prohibits a firm from sharing income from an audit with an officer or affiliated executive board member of the corporation that's being audited.

Additionally, if a partner at the firm has or had a direct or indirect financial interest in the corporation that's being audited for the specified time period, independence has been compromised. Examples of such financial interests would include the partner being a principal stockholder in the enterprise or sitting on the board of directors.

Moreover, accounting firms acting as auditors are required to and should keep their clients' information confidential. That means that the revelation of "personally identifiable facts, data or information obtained in a professional capacity without the prior consent of the client" is specifically prohibited.

Eliminating all risk is impossible. However, with careful planning, risk management, adherence to state and federal laws, and professional standards, risk exposure can be better managed.

Thomas Cronmiller, a partner with the law firm of Hiscock & Barclay, is the practice group leader for the Torts & Insurance Primary Practice Group and serves as chair of the torts and products liability defense practice area.

(c) 2009 Accounting Today and SourceMedia, Inc. All Rights Reserved.

http://www.webcpa.com/ http://www.sourcemedia.com/
