In April 2018, the International Ethics Standards Board for Accountants (IESBA) issued a revised, restructured and renamed code entitled, Code of Ethics for Professional Accountants, including International Independence Standards (“IESBA Code” or “the code”). (See Sidebar 1 for the new code’s effective dates.) A top-to-bottom review of the IESBA Code led to stronger, clearer and more enforceable independence provisions.
This article compares select independence provisions for nonaudit services in the IESBA Code, mainly applicable to public interest entities (“PIEs”), to nonaudit service rules of the Securities and Exchange Commission (“SEC”) and the Public Company Accounting Oversight Board (“PCAOB”) (collectively, “SEC/PCAOB rules”). (See Sidebar 2 for a description of PIEs.) This high-level comparison will briefly describe and compare the provisions.
Application of Independence Rules to Client and Affiliates
IESBA Code: Part 4A of the code applies to engagements to perform audits and reviews of a company’s financial statements (collectively, “audits”). Per R400.20, an audit client that is a listed entity includes all its “related entities”.
SEC/PCAOB rules: Rule 2-01, Qualification of Accountants, of Regulation S-X, requires firms to be independent of its audit clients, which includes affiliates of the audit client (Rule 2-01(f)(4)). Services requiring independence under SEC/PCAOB rules include financial statement audits, reviews and Section 404 attestation engagements.
Comments: The SEC’s “affiliate of the audit client” incorporates a broader array of affiliated entities than the IESBA’s “related entity.” For example, when a potential affiliate is the audit client’s parent or a sister company under common control with the audit client, the IESBA definition excludes relationships that are immaterial to the controlling entity, whereas SEC/PCAOB rules include them. Thus, more entities associated with the audit client are subject to the SEC/PCAOB independence rules than under the IESBA rules.
Application of Independence Rules to Firms and Affiliates
IESBA Code: Under R400.51 and the related application material, independence rules apply to network firms operating in cooperative structures that share certain characteristics, such as profit or cost-sharing, or a common brand name, business strategy or quality control policies, or share common ownership, control or management, or a significant part of professional resources.
SEC/PCAOB Rules: Accounting firm means an organization that is engaged in the practice of public accounting and all the firm's departments, divisions, parents, subsidiaries, and associated entities, including entities located outside the United States (Rule 2-01(f)(2)).
Comments: Though expressed differently, the application of the independence rules to a firm’s affiliates can lead to similar outcomes under the IESBA and SEC/PCAOB rules, e.g., both include non-accounting firms such as consulting and law firms and disregard location. However, the SEC interprets the term “accounting firm” by considering all relevant facts and circumstances and factors identified in previous guidance, primarily “no action” letters issued by the staff over the years, which may yield a different result than the IESBA Code.
Accounting and bookkeeping services
IESBA Code: R601.6 does not permit a firm to perform accounting or bookkeeping services, including payroll services, or to prepare financial statements for a PIE audit client when the firm will express an opinion on the financial statements or the financial information that forms the basis of the financial statements. However, R601.7 allows a firm to perform these types of services for an immaterial division or related entity of the audit client if the following conditions exist:
- Services are of a routine, mechanical nature;
- Separate teams perform the audit and nonaudit work; and
- Services are collectively immaterial to the division or related entity’s financial statements.
SEC/PCAOB: Rule 2-01(c)(4)(i) does not allow a firm to maintain or prepare accounting records or prepare financial statements filed with the Commission, or that form the basis of financial statements filed with the Commission for an audit client or its affiliate. The SEC/PCAB rule provides only one exception to this rule, which also applies to certain other services that raise self-audit concerns. Specifically, an auditor may perform bookkeeping services for an audit client’s affiliate if it is reasonable to conclude that the results of the services will not be subject to audit procedures during an audit of the client's financial statements (“not subject to audit exception”). For example, this exemption may apply when an auditor performs bookkeeping services for the nonaudit client sponsor of an employee benefit plan audit client (Form 11K filer). See Prohibited and Nonaudit Services, Question 9 (issued 8/6/07) of Office of the Chief Accountant: Application of the Commission's Rules on Auditor Independence Frequently Asked Questions (“SEC FAQ Document”). In applying the exemption, the SEC FAQ Document states in the answer to Question no. 4; “There is a rebuttable presumption that the prohibited services will be subject to audit procedures. For example, determining whether a subsidiary, division, or other unit of the consolidated entity is material is a matter of audit judgment. Thus, the determination of whether to apply detailed audit procedures to a unit of the consolidated entity is, in and of itself, an audit procedure. Therefore, materiality is not an appropriate basis upon which to overcome the presumption in determining whether it is reasonable to conclude that the results of the services will not be subject to audit procedures.”
Comments: To the extent a firm’s services are immaterial to an affiliate’s financial statements and specific safeguards are applied, the IESBA rule is more permissive than SEC/PCAOB rules. The SEC/PCAOB rules only allow services to an affiliate when the engagement meets the not subject to audit exception in the rules.
IESBA: Subsection 604 requires firms to consider potential self-review or advocacy threats arising from tax compliance and advisory services. For example, in determining the level of threat to independence when performing tax advisory services, the firm should consider whether the effectiveness of the tax advice depends on an accounting treatment or presentation in the financial statements where doubt exists regarding the appropriateness of that treatment or presentation. A restriction under R604.6 states that a firm should not calculate a PIE audit client’s current or deferred tax liabilities or assets that are material to the financial statements under audit.
SEC/PCAOB: PCAOB Rule 3523, Tax Services for Persons in Financial Reporting Oversight Roles, restricts a firm from providing personal tax services to persons in financial reporting oversight roles (“FRORs”) and their immediate families. PCAOB Rule 3522, Tax Transactions, prohibits firms from marketing, planning or opining in favor of a confidential transaction or aggressive tax position transaction because it aligns the auditor and client’s interests. In addition, firms should consider SEC Rule 2-01’s “general independence standard” i.e., the appearance of independence to the reasonable and informed investor and the overarching principles in Rule 2-01(b) and the preliminary Note to § 210.2-01, respectively). SEC bookkeeping rules would not permit a firm to calculate an audit client’s tax provision unless the not subject to audit exception is met.
Comments: The IESBA Code imposes few restrictions on tax advisory and compliance work. However, firms must apply the conceptual framework to identify, evaluate and address threats to independence and consider the application material in subsection 604. Also, the SEC’s general independence standard applies in all situations. The SEC/PCAOB’s explicit proscriptions of certain tax services and ban on calculating a client’s tax provision even when immaterial to the financial statements make the SEC/PCAOB rules stricter.
IESBA: Subsection 602, applicable to all audit clients, allows administrative services that are of a routine, mechanical nature. For example, the firm may monitor statutory filing dates, prepare and submit (client-approved) statutory forms, and perform word processing services that are part of the client’s normal operations. PIE audit clients are not subject to additional restrictions.
SEC/PCAOB: Rule 2-01 and PCAOB rules do not specifically address administrative services; as always, the SEC’s general independence standard applies.
Comments: Though not explicitly stated in SEC Rule 2-01(c), performing the types of administrative services described in IESBA subsection 602 would likely raise independence concerns, for example, acting as an employee or performing word processing or similar tasks related to the client’s financial statements.
IESBA: R603.5 prohibits a firm from performing valuation services when the services, individually or in the aggregate, are material to a PIE audit client’s financial statements under audit. Valuations performed for tax purposes that do not directly impact the financial statements are addressed in subsection 604.9A 1 – 5, Tax Services Involving Valuations.
SEC/PCAOB: SEC Rule 2-01(c)(4)(iii) prohibits firms from providing valuation services (of any magnitude) to an audit client or its affiliate, except those meeting the not subject to audit exception. Valuations performed strictly for tax purposes that have no bearing on the financial statements filed with the Commission are permissible.
Comments: The SEC/PCAOB rule is stricter than IESBA’s subsection 603, which allows a firm to perform valuation(s) that are (collectively) immaterial to the financial statements under audit. Exemptions related to tax-only valuations are similar although the SEC requires there be no bearing on the financial statements whereas IESBA will allow indirect impact.
IESBA Code: Section 525, Temporary Personnel Assignments, allows a firm to lend its personnel to an audit client if the firm can sufficiently mitigate self-review, advocacy or familiarity threats to its independence. The practice is not allowed unless the arrangement is:
- Complies with Section 600, Provision of Nonassurance Services to an Audit Client,
- Involves no management responsibilities, and
- The client is responsible for directing and supervising the staff’s activities.
SEC/PCAOB Rules: The SEC not only prohibits firms from performing management responsibilities and acting as management (same as IESBA), but also extends that prohibition to acting as an employee of an audit client, even temporarily.
Comments: Under SEC/PCAOB rules, acting as an employee of the audit client, for any period of time, impairs independence and is therefore stricter than the IESBA Code.
Internal Audit Services
IESBA: Under R605.5, a firm should not perform internal audit services for a PIE audit client if the service relates to:
- A significant part of internal controls over financial reporting (“ICFR”),
- Financial accounting systems that generate information that is material to the accounting records or financial statements under audit, or
- Amounts or disclosures, singly or aggregated, that are material to the financial statements under audit.
SEC/PCAOB: SEC Rule 2-01(c)(4)(v) prohibits a firm from performing internal audit services relating to an audit client or affiliate's internal accounting controls, financial systems, or financial statements unless the not subject to audit exception is met. The rule does not preclude an auditor from performing operational internal audits that are unrelated to the internal accounting controls, financial systems, or financial statements.
Comments: The SEC/PCAOB rule is stricter because it does not allow for consideration of materiality or significance (as relevant) to ICFR, the accounting records or financial statements that is provided in the IESBA standard.
Information Technology Services
IESBA: Under R606.5, an auditor should not design or implement an information technology (IT) system for a PIE audit client that:
- Forms a significant part of ICFR, or
- Generates information that is significant to the accounting records or financial statements under audit.
SEC/PCAOB: Under Rule 2-01(c)(4)(ii), firms may not provide financial information system design or implementation services to an audit client or affiliate unless the not subject to audit exception is met.
Comments: The SEC/PCAOB rule is stricter because it does not allow IT services unless the not subject to audit exception is met. The IESBA Code may allow IT design and implementation that does not have significant impact on ICFR, accounting records or the financial statements.
IESBA: R608.6 bars a firm from performing legal services related to a dispute or litigation when the amounts involved are material to the financial statements under audit. However, 608.6 A1 suggests that although amounts involved are not material, certain actions (i.e., use of separate engagement teams and review of the work by an independent reviewer) may be safeguards to mitigate potential self-review or advocacy threats to independence.
SEC/PCAOB: The SEC Rule 2-01(c)(4)(ix) precludes any service to an audit client or affiliate that requires the practitioner to be licensed, admitted, or otherwise qualified to practice law in the jurisdiction in which the service is provided. No exemption is provided for affiliates of the audit client.
Comments: To the extent amounts related to a legal matter are immaterial to the client’s financial statements, the SEC/PCAOB rule is stricter than the IESBA standard as the SEC/PCAOB does not allow performance of the service, either with or without safeguards.
IESBA: R609.6 states that an auditor shall not:
- Act as a negotiator on an audit client’s behalf
- Search or seek out, or perform reference checks, of prospective candidates who would serve as a(n) (i) officer, (ii) director, or (iii) senior management who would significantly influence the client’s financial reporting.
SEC/PCAOB: The SEC Rule 2-01(c)(4)(vii) prohibits firms from performing the following activities for audit clients: (i) search or seek out prospective candidates for managerial, executive, or director positions; (ii) engage in psychological testing, or other formal testing or evaluation programs; (iii) undertake reference checks of prospective candidates for an executive or director position; (iv) act as a negotiator on the audit client's behalf; or (v) recommend a specific candidate for a specific job.
Comments: Some similarities exist, and auditors could reach similar conclusions applying both rules. However, the IESBA does not specifically prohibit engaging in psychological testing or other formal testing or evaluation programs or recommending a specific candidate for a specific position, both of which are prohibited under the SEC/PCAOB rule.
Differences between the IESBA and SEC/PCAOB nonaudit services rules primarily relate to the IESBA Code’s exemptions for certain nonaudit services that are not material or significant (as relevant) to an audit client’s accounting records, financial statements, or ICFR. In addition, the SEC/PCAOB “affiliate of the audit client” identifies more entities as affiliates subject to the rules than the IESBA Code. However, similarities between the rules do exist. For example, both emphasize the appearance of independence to a reasonable and informed third party and are built on overarching principles that are more similar than different. (See Rule 2-01(b) of Regulation S-X and IESBA Code Section 400, Applying the Conceptual Framework to Independence for Audit and Review Engagements). To review the detailed rules, see:
IESBA http://www.ethicsboard.org/restructured-code-easier-navigate-use-enforce (2018 Code)
SEC https://www.law.cornell.edu/cfr/text/17/210.2-01 (Rule 2-01)
PCAOB https://pcaobus.org//Standards/EI/Pages/default.aspx (Ethics and Independence Standards)