The War of Auditor Independence
This has been a tumultuous year for the concept of auditor independence. Several major, aggressive enforcement actions by the Securities and Exchange Commission have pushed towards the outer limits of liability, imposing substantial awards even absent any evidence of audit errors or harm to the client.
Even given the push by the SEC’s regulatory divisions to ease that burden somewhat, auditors, and potentially their clients, remain at risk. Auditors and audit clients who fail to pay sufficient attention to these risks expose themselves to potentially substantial liability.
Recent enforcement actions
Rule 2.10.2-01 of Regulation S-X provides that the “commission will not recognize an accountant as independent, with respect to an audit client, if the accountant is not, or a reasonable investor with knowledge of all relevant facts and circumstances would conclude that the accountant is not, capable of exercising objective and impartial judgment on all issues encompassed within the accountant's engagement.” Recent cases set out some of these “relevant facts and circumstances.”
The ripples are still being felt from an order dated Sept. 23, 2019, in which Big Four firm PricewaterhouseCoopers agreed to pay approximately $7.9 million (disgorgement of $4.4 million plus a penalty of $3.5 million) and was censured, all for violations of the independence rules. (See our story.) PwC violated the rules by improperly exercising decision-making power in designing and implementing financial reporting software related to multiple clients’ financial reporting, and engaging in management functions, all non-audit services. Brandon Sprankle, a member of the audit engagement team, obtained internal approval within PwC for these tasks by deliberately mischaracterizing the project as audit services, despite numerous red flags to the contrary.
What is notable about the settled order is that these violations were not deliberate policy on PwC’s part. PwC was charged and penalized for failing to detect the misconduct of a member of the audit engagement team, who deliberately misled PwC.
Moreover, these failures exposed PwC’s audit clients to potential liability, either in the form of SEC enforcement actions or civil lawsuits from investors. As the PwC order makes clear, an issuer violates the Securities Exchange Act by filing quarterly or annual reports where the auditor was not independent. Moreover, scienter — or intent — is not needed for liability, as mere negligence will do. Thus, an independence violation — even if it causes no harm to the audit client directly — can expose the client to potential liability.
Even if the independence failure does not lead to enforcement actions against the audit clients, it can have serious consequences for the client when it comes to light. After the PwC order became public, Mattel Inc. came under harsh scrutiny for retaining PwC as its auditor, even after Mattel’s own audit committee determined PwC violated conflict of interest rules and provided bad advice on how to handle a significant income tax error. Consequently, Mattel was sued in a class action for securities fraud violations, based in part on PwC’s independence violations. As for PwC, its work for Mattel has also earned review by the Public Company Accounting Oversight Board, for, among other things, potential violations of the independence rules.
Another important recent case involved RSM US: RSM agreed to a settled order fining it $950,000 for independence violations. This case involved negligent failures to follow internal administrative procedures. RSM had a centralized system in place to prevent breaches of the independence rules, but engagement teams failed to enter client names uniformly, or failed to complete entries. As a result, RSM failed to detect the provision of non-audit services to affiliates of audit clients.
Notably, there was no finding of intentional wrongdoing, or that RSM’s objectivity or impartiality was compromised, or that there were any errors or misstatements. As the order pointed out in a footnote, the issue was negligence, not willful misconduct.
The SEC has recently sought to address the perceived over-inclusiveness of the independence rules. The focus of these proposals is to decrease compliance costs for firms and increase the number of audit firms available for engagements by permitting “technical” independence violations that don’t affect impartiality or accuracy. To simplify, these rules largely seek to permit the relationship of the auditors to entities affiliated or under common control with audit clients as long as those entities do not exercise “significant influence” over the client.
Nonetheless, the full scope of the auditor independence requirement remains somewhat unsettled territory. While the SEC seeks to give auditors more leeway, it is hard to tell how that will affect or limit enforcement actions. Whether or not the scope of independence violations has been limited somewhat, a potential liability minefield remains, not only for auditors but for their clients as well.
Howard Fischer is a partner in the litigation and white collar departments of Moses & Singer LLP and was a former senior trial counsel at the SEC.