In the wake of several high-profile financial fraud cases that led to substantial market volatility and a loss of investor trust in the capital markets in the early 2000s, Congress swiftly passed legislation to restore confidence and protect investors. The bipartisan law, named the Sarbanes-Oxley Act (SOX) after U.S. Senator Paul Sarbanes and Congressman Michael Oxley, turns 20 years old this year. Since the landmark legislation was enacted in 2002 there have not been widespread corporate failures as a result of public company financial fraud in the United States.
In addition to imposing new liability standards for corporate management, SOX established expanded responsibilities for the independent audit committee and new requirements of public company auditors to reinforce their role as disinterested third parties who authenticate the financial information companies must disclose under SEC regulations.
To fulfill Congress’ objectives, SOX also established the Public Company Accounting Oversight Board (PCAOB) to oversee the public company auditing profession and granted the PCAOB standard setting, inspection and enforcement authority.
Independence is foundational to a high quality audit and essential to the public company auditing profession’s primary function in the capital markets. Independence is synonymous with trust and describes both the mindset in which auditors approach their work and the relationship between them and their clients. Reinforcing the importance of auditor independence, the PCAOB in 2011 wrote “[a]n audit has value to financial statement users because it is performed by a competent third party who is viewed as having no interest in the financial success of the company.”
“The rules in place are robust and stringent. That gives the public confidence that the auditor is independent,” says Vanessa Teitelbaum, Senior Director at the Center for Audit Quality.
SOX packed a punch
Central to the independence of public company auditors is the role of the independent audit committee. When considering SOX, Congress saw the potential for conflicts of interest when company management compensates the external auditors brought in to audit their financial statements. SOX placed significant new independence requirements on public accountants, including a requirement for lead and concurring partner rotation every five years. Moreover, SOX unequivocally assigned responsibility for overseeing the financial reporting process, including the hiring and firing of the independent auditor, to independent audit committees as the representatives of investors.
The audit committee oversees the company and auditors’ monitoring processes to address events or changes that could negatively affect auditor independence.
SOX strengthened auditor independence rules. Further, U.S. accounting firms have invested significantly in their systems of quality control. “Over the years, more companies and auditors have invested in systems that enable compliance with independence rules.” Teitelbaum says.
SEC rules have long prohibited certain non-audit services to be provided to an audit client, such as bookkeeping services, financial information systems design and implementation, appraisal or valuation services, actuarial services, internal audit outsourcing services, management functions, human resources, broker-dealer or investment advisor services, legal services or expert services unrelated to the audit. The auditor cannot be in a position to audit their own work.
“What SOX put in place was a requirement for the audit committee to pre-approve permitted non-audit services, and that was a good change. This oversight and approval of non-audit services – which are very limited - by the audit committee is another layer of protection for investors.” Teitelbaum says.
The risk to public company auditors of not maintaining their independence can be substantial. An auditor who lacks independence and is unable to perform their role risks both legal and reputational harm that can impair their ability to do business elsewhere.
Looking towards the future
In the twenty years since the inception of SOX, access to advanced technologies like artificial intelligence, and investor demand for non-traditional financial reporting like greenhouse gas emissions have transformed the financial reporting landscape. It is critical that the rules and standards that guide auditor independence keep pace with this increasingly complex financial reporting ecosystem.
As the audit continues to evolve, independence will remain an ongoing matter for the corporate reporting ecosystem to focus on.
“Regulators should regularly evaluate if rules are fit for purpose and there should be amendments to rules when the business environment changes so substantially as to affect the efficacy of the rules that govern independence,” Teitelbaum says. “These rules benefit all stakeholders in the corporate reporting ecosystem by establishing trust in the information provided and clear directions on the appropriate relationship between auditors and the companies the review.”
Whatever the future holds, what is certain is that investors benefit from having access to high quality financial information when making investment decisions. The policies established by SOX twenty years ago and investments made by public company accounting firms now contribute to a system that effectively enhances trust and credibility in public company financial reporting.