The Impact of the US Sarbanes- Oxley Act of 2002 on...
53
The Impact of the US Sarbanes- Oxley Act of 2002 on Jurisdictions in Europe, Australia and New Zealand - Research Essay - by André Pollmann (E-mail: [email protected]), written as part of the LL.M Intensive Course - Corporate Governance - (LawComm709), held 11 – 17 June 2008 at the Faculty of Law of the University of Auckland by Professor John H. Farrar and Professor Susan Watson. 1/53
Transcript of The Impact of the US Sarbanes- Oxley Act of 2002 on...
The Impact of the US Sarbanes- Oxley Act of 2002on Jurisdictions in Europe, Australia and New Zealand
- Research Essay -
by André Pollmann (E-mail: [email protected]),
written as part of the LL.M Intensive Course
- Corporate Governance -
(LawComm709), held 11 – 17 June 2008 at the Faculty of Law of the University of Auckland
by Professor John H. Farrar and Professor Susan Watson.
1/53
- Table of Content -
I. Introduction: Identification of 'Four Lines of Defence' against Corporate Financial Misstatements 3
II. Audit Regulation Reform Programs after Enron 7
A. The US Sarbanes- Oxley Act of 2002 8
B. The European Response 9
C. The Australian Response 12
D. New Zealand's Response 13
III. Comparison of Core Provisions 15
A. Internal Control 15
B. Auditor Independence 20
(1) Non- Audit Services 25
(2) Audit Partner Rotation and Cooling - off Period 29
(3) Pre-approval by and Reporting to the Audit Committee 30
C. The Audit Committee 33
(1) Management Independence 33
(2) Financial Competence 37
D. Public Accounting and Audit Oversight 39(1) Auditing, Quality Control, Ethics, and Independence
Standards 40
(2) Registration of Public Accounting Firms 43
IV. Conclusion 48
Appendix: Bibliography 52
2/53
I. Introduction: Identification of 'Four Lines of Defence' against Corporate Financial Misstatements
Investors buying shares, and thereby providing equity capital for entrepreneurial
purposes, will do so only if reliable and credible information about a company's
financial situation, its assets and its liabilities are available. Reliable and
credible financial statements are necessary for investors to build an opinion
whether or not a current share price seems to be attractive or not in relation to
an 'internal' share value to be deduced from financial statements as a base for
any assessment of future profit and cash flow expectations. The public's
confidence in financial statements is therefore crucial for functioning capital
markets.
However, it is an almost common view obtained from past experiences, that a
substantial risk of failure or even intended wrongdoing by company
management and directors unavoidably follows from the agency problem of
separation between ownership and control. As far as financial reporting is
concerned, management and (executive) directors will often have at least a
short- term interest to exaggerate the company's financial position, not only
because they want to enhance their careers and appear successful, but also
because management remuneration regularly comprises components
connected to share price performance within a certain time frame. The risk of
financial misstatements has therefore to be limited by way of establishing
effective internal and external control mechanisms, regarded as effective as
possible by investors. So in the past as well as currently, in order to restore
investors' confidence after corporate governance failures, governments and
legislators regularly try to improve reliability and confidentiality of financial
statement by way of introducing more sophisticated rules as well as better
mechanisms to safeguard compliance.
In the following research paper new or enhanced legislative and regulatory
approaches in regard to core matters of corporate governance concerning
3/53
financial statements of publicly held issuers in the United States, the European
Union, in Australia, and in New Zealand will be introduced and compared.
These approaches have been developed and implemented in the wake of major
corporate collapses following world- wide stock market bubbles around the
millennium.1 Enhanced regulation was at first introduced in the U.S. in the
shape of the Sarbanes-Oxley Act of 2002 and, in its aftermath and strongly
influenced by it, in the EU, in Australia and, in parts, in New Zealand.
However, it is not possible to scrutinize the whole of relevant new regulation in
regard to control of financial reporting here. Thus, as to keeping a focus on core
regulations for control over the ways financial statements are being prepared by
public companies and checked by their external auditors, selection was
necessary. After introducing reform programs within the four jurisdictions
examined in this paper more generally, enhanced rules regarding the following
“four lines of defence”2 against disguised corporate misconduct and fraud
through financial misstatement will be examined in more detail.
(1) Internal Control Systems
To be effective, internal and external financial control mechanisms must reach
to the very bottom of a company's bookkeeping system. An important case in
point is the maintenance of internal control systems by the public company itself
in order not only to allow management and the board of directors to control
current and future risks but to put also the external auditor in a position to reach
to the bottom of day- to- day business and the way transactions are being
recorded. Today's complex public companies with subsidiaries often
established under many jurisdictions, otherwise seem impossible to oversee. By
using the internal control system in connection with the bookkeeping system for
external accounting purposes, the auditor can compare and assess the ways in
1 Such as Enron, WorldCom, and Global Crossing in the U.S., Parmalat in Europe, and HIH in Australia.
2 Based on a similar list included in: Communication from the Commission to the Council and the European Parliament on Preventing and Combating Corporate and Financial Malpractice COM (2004) 611 final.
4/53
which information is being transmitted within the company for internal reporting
purposes on the one hand and financial data recorded for external reporting
purposes on the other.
(2) Auditor Independence
The essential role of the auditor is to provide an independent and informed
assessment of the financial reports prepared by the company.3 As the
accounting firm that is keeping the company's books and which may provide
many other services to their client, has or develops almost unavoidably a long
standing relationship with senior company management and close connections
to running day-to-day business, the audit process is required to safeguard as
far as possible compliance with accepted accounting standards for the
preparation of financial statements, on which outside investors may base their
investment decisions. This is only of value, if persons responsible for carrying
out external control are not, and are not being regarded as, standing 'on the
side' of company management, (executive) directors, or other personnel that
they are instructed to control in the shareholders' and the general public's
interests. To ensure the effectiveness of this process, maintaining auditor
independence is thus prerequisite, as it is for reliability and credibility of
financial statements.
(3) Management Independence of Audit Committees
Furthermore, to increase shareholders' confidence in financial statements,
effective safeguards to prevent management from intervening into the auditing
process seem to be necessary after revelations of collaboration between
management and external auditors, strongly detrimental to shareholders and
creditors, have been made within major corporations, in particular in the case
3 Ladakis, “The auditor as gatekeeper for the investing public: Auditor independence and the CLERP reforms – a comparative analysis” (2005) 23 C&SLJ 416.
5/53
of Enron Corporation, as described in the Powers Report4 and the first federal
court opinion on the Enron matter.5 To this extent, the establishment of audit
committees independent from management and competent in regard to the
preparation of financial statements may enhance corporate governance in the
area of financial reporting and auditing - without impeding effective composition
of the board of directors itself, where different and more diverse abilities of
members as well as closer connections to management may be useful.
(4) Public Oversight of Auditors
As another important step to limit the risk for investors and the general public to
get misled by financial statements that have not been prepared and examined
in compliance with established accounting and auditing standards, an
independent oversight, representing the general public's interest in proper
financial reporting and effective capital markets, may provide a further 'line of
defence' against corporate financial reporting malpractice by safeguarding the
auditor's role as a reliable 'gatekeeper'.
It will be shown that the regulatory approaches towards these issues are quite
similar in the U.S., the EU and in Australia as their legal content is concerned,
although they differentiate in parts substantially as to the level of corporate
governance regulation at which they are located and as to the range of
admissible deviation. It will be argued, that New Zealand may enhance its rules
in regard to auditor independence and public oversight of the accounting and
auditing industry to keep pace with international developments.
4 Powers, et al, Report of Investigation by the Special Investigative Committee of The Board of Directors of Enron Corp (February 2002) 2002 WL 198018.
5 Newby v Enron Corporation, 2002 WL 31854963.
6/53
II. Audit Regulation Reform Programs after Enron
In the aftermath of the market crash and major corporate collapses around the
millenium, the question had been raised, which sort of legal means would best
enhance and maintain reliability and credibility of financial statements made by
public companies to the investing public and at which costs. There is an
ongoing debate between the corporate 'contractarians', who believe in the
power of markets and the wisdom of trusting to private ordering, and 'anti-
contractarians', who tend to favour regulatory solutions.6 The 'contractarian'
position was severely challenged by the market collapse around the millennium,
which demonstrated potential weaknesses of corporate governance in general,
accounting and auditing regulation, and its oversight.7
The truth may lie somewhere in between, as higher degrees of regulation allow
the assumption of lower risks, but cause higher compliance costs, whereas
lower degrees of regulation cause lesser compliance costs but may lead to
higher risks. In addition, from a company's and long term shareholder's
perspective, higher profit expectations are unavoidably connected with higher
risks and vice versa. However, the need for further regulation of accounting,
auditing and related corporate governance issues to establish stricter contours
within which 'contract and market-based approaches' can operate was, for the
time being, almost undisputed.8
When considering new regulation in the area of corporate governance, the
question arises, which level of regulation should be addressed. These possibly
are, with decreasing strengths of available remedies for their enforcement: (1)
Legal regulations, (2) stock exchange listing requirements and accounting/
auditing standards, (3) codes of conduct and best practice guidelines, and (4)
6 Butler & Ribstein, “Opting Out of Fiduciary Duties: A Response to the Anti-Contractarians” (1990) 65 Wash L Rev 1.
7 Dewing & Russell, “Accounting Auditing and Corporate Governance of European Listed Companies: EU Policy Developments Before and After Enron” JCMS (2004) 42/ 2, p 289.
8 Harshbarger, Goutam & Jois,”Looking Back and Looking Forward: Sarbanes-Oxley and the Future of Corporate Goverance” 2007 40 Akron L Rev 1, par 17.
7/53
business ethics.9 All of these regulatory levels, but with substantially different
emphasis, have been addressed by legislative or regulatory reform programs
within the four jurisdictions in order to improve reliability and credibility of
financial statements of public companies. Apart from legal regulations in the
narrow sense, levels of corporate governance (2) to (4) increasingly include the
market- based approach. Although the fourth level, business ethics,10 is
regarded here as of general importance for corporate conduct and its
governance, and in particular for the professions, they will only be discussed
where legally binding ethical minimum standards have not yet been set. That is
partially the case in New Zealand in regard to auditor independence.
A. The US Sarbanes- Oxley Act of 2002
The US- Sarbanes-Oxley Act of 2002 ('SOX') was signed into law on 30 July
2002 with the aim to change the way public companies do their business by
setting up new rules concerning accounting, auditing, corporate governance of
public companies, and by reforming the oversight of the accounting profession
through establishment of the Public Company Accounting Oversight Board
(PCAOB).11 U.S. Congress intended SOX to address systemic weaknesses of
the capital markets which had been revealed and that showed significant
failures of the audit process and led to a breakdown in corporate financial
responsibility.12 The act established a comprehensive framework to modernize
and reform the oversight of public company auditing, to improve quality and
transparency in financial reporting by those companies, and strengthened the
independence of public company auditors.13 The reforms were based on the
analysis that at the heart of the diverse collapses lay conflicts of interests of
management, board of directors, and auditors. Management had a self interest,
9 Farrar, Corporate Governance: Theories, Principles, and Practice (2nd edition, Oxford University Press, South Melbourne (Victoria), 2005) page 4.
10 There are three basic characteristics of ethical standards: (1) Beyond mere self interest, (2) possibility of universal application, and (3) being defensible by rational response. Farrar, Corporate Governance: Theories, Principles, and Practice (2nd edition, Oxford University Press, South Melbourne (Victoria), 2005) p 449.
11 Public Company Accounting Reform and Investor Protection Act of 2002 (“Sarbanes-Oxley Act of 2002”), Pub L No 107-204, 116 Stat 745/ 15 U.S.C. §7201 et seq.
12 Hamilton & Trautmann Sarbanes-Oxley Act of 2002 (Chicago, CCH Inc., 2002) p 13.13 Ibid.
8/53
especially due to stock options as part of their remuneration, in presenting the
financial position in a more attractive way than the facts warranted, while the
auditors had a self interest in not investigating the company's accounting
arrangements too thoroughly to maintain major clients as a source of (major)
fees, including often much more valuable fees for non- audit than for audit
services, whereas directors had an interest in a 'quiet life' relying on senoir
management instead of taking their oversight duties seriously.14
SOX is applicable to issuers as defined in its Section 2 a (7), i.e. companies
listed on a U.S. stock exchange as long as the number of nominal public
shareholders remains above the threshold of 300 as prerequisite for the
application of the Securities and Exchange Act of 1934 of which SOX is a part.15
From this follows, that SOX provisions are directly applicable to companies
established in other countries as long as they are (cross-) listed in the U.S. In
the same way, its provisions concerning public oversight of accountants and
auditors are applicable to foreign auditors or auditing firms providing or
substantially partaking in audits of public companies as defined above, up to
date regardless of the quality of their domestic public oversight.
B. The European Response
Despite the fact that the collapse of Enron had little economic impact outside
the U.S., it has had an legislative impact beyond the borders of the U.S., not
only directly because of the application of SOX provisions to public companies
established under foreign jurisdictions, but listed on a U.S. stock exchange, and
their auditors, but also indirectly through new legislation concerning the
problems in capital markets that had been revealed in the U.S. and which had
been considered as being of concern in Europe as well. However, when similar
excesses and abuses in fact came to light in several prominent European firms
14 Davis “Enron and Corporate Governance Reform in the UK and the European Community” in Armour & McCahery (Ed.) After Enron: improving corporate law and modernising securities regulation in Europe and the US (Oxford, Portland, OR : Hart, 2006) p 418.
15 Section 12 g (5) US Securities and Exchange Act of 1934.
9/53
- for example Vivendi Universal, ABB, Royal Ahold and in particular Parmalat -
the minds of European policy- makers and regulators as well as of investors
and the general public focused on the weaknesses of corporate governance
systems in Europe. In particular the Parmalat case, described as the European
equivalent to Enron, indicated shortcomings in accounting and auditing
standards as well as of corporate governance rules in a similar manner as was
recognised in the U.S.16
At EU level, on the basis of the Financial Services Action Plan (FSAP)17, reform
attempts in the area of accounting, auditing, and corporate governance had
already been underway since 1999. The diverse corporate collapses therefore
did not trigger wholly new legislative initiatives in Europe but significantly
enhanced reforms already in progress.18 The FSAP included as part of the
intended introduction of common financial reporting standards for listed
companies in the European Union the goal of developing accompanying
standards for auditing these financial reports to safeguard comparability of
reported financial results throughout the Community.19 In 2000 the Commission
issued its Communication in regard to further steps to be taken to adopt
International Accounting Standards20 (IAS, now integrated into International
Financial Reporting Standards, IFRS), as well as for the implementation of
International Standards on Auditing (ISA) as an essential part of an European
single capital market.21
As far as the statutory audit is concerned, the development of professional
ethical standards and the implementation of effective quality assurance had as
16 Engelen “Preventing European Enronitis” The International Economy [2004] Summer Edition, p 40, 41/2.
17 European Commission, Financial Services: Implementing the framework for financial markets: Action Plan COM (1999) 232.
18 Davis “Enron and Corporate Governance Reform in the UK and the European Community” in Armour & McCahery (Ed.) After Enron: improving corporate law and modernising securities regulation in Europe and the US (Oxford, Portland, OR : Hart, 2006) p 420.
19 European Commission, supra, p 720 Instead of US- GAAP, the adoption of which was beeing discussed but discarded, in
particular because of the lack of any european influence on their further development.21 European Commission, EU Financial Reporting Strategy – the way forward COM (2000) 359
p 3 par 2.
10/53
well already been put on the agenda.22 The financial reporting strategy included
the development of harmonized structures to enforce the common application of
new accounting standards, monitoring of the accounting profession by
independent supervisory authorities, and effective sanctions for any
malpractice.23
The events leading to the SOX legislation in the U.S. accelerated these reforms
and led to new impetus to the initiatives and helped overcoming resistance
against further harmonization at Community level.24 As early as April 2002 the
Commission responded directly to the Enron revelations by issuing a note to the
informal Ecofin Council meeting held in Oviedo which - inter alia - concerned
internal controls, auditor independence, board structures, as well as EU policy
action in regard to the spillover effects of SOX.25 The Commission further
extended the range of topics to be included in an assessment by the High Level
Group of Company Law Experts (HLGCLE), due to the importance of reliable
statutory audit regulation as a complement to what was already underway in
regard to more general issues of corporate governance.26 Apart from
accounting, auditing, and connected matters, the HLGCE was not in favour of a
single European code of corporate governance, but rather recommended
improving harmonisation of national systems, at least under the comply-or-
explain principle.27 In September 2004, a strategy was then put forward to
combine the Company Law Action Plan and the FSAP to promote corporate
governance into one strategy, in particular consisting of developing proposals to
amend the existing company law directives to modernize accounting and
22 European Commission, EU Financial Reporting Strategy – the way forward COM (2000) 359 p 9 par 27.
23 European Commission, ibid., p 4 par 8.24 Davis “Enron and Corporate Governance Reform in the UK and the European Community”
in Armour & McCahery (Ed.) After Enron: improving corporate law and modernising securities regulation in Europe and the US (Oxford, Portland, OR : Hart, 2006) p 421.
25 European Commission, A first EU response to Enron related policy issues (Note for the informal Ecofin Council, Oviedo 12- 13 April 2002) http://eur-lex.europa.eu at 7 August 2008.
26 Bolkestein (European Commission), The EU Action Plan for Corporate Governance (Speech held at the Conference on the German Corporate Governance Code, Berlin, 24 June 2004) http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/04/ 331&format=HTML&aged=1&language=EN&guiLanguage=en at 7 August 2008.
27 High Level Group of Company Law Experts, European Corporate Governance in company law and codes (The Hague, The Netherlands 18 October 18 2004) http://corpgov.nl/page/downloads/Final%20Report2.pdf at 7 August 2008 page 2.
11/53
auditing standards and to compel all EU listed companies to produce a
corporate governance statement explaining their internal checks, and to reaffirm
the collective duty on board members to publish financial statements. As far as
the audit process is concerned, a new directive on statutory audits was finally
adopted to provide for a modernized common basis for audit regulation
throughout the European Union, which Member States had to implement before
29 June 2008.28
C. The Australian Response
Besides the corporate collapses in the U.S. and Europe, in a similar manner
Australian cases such as the failures of HIH Insurance, Ansett Australia,
One.Tel and Harris Scarfe highlighted the need for review of corporate
governance regimes, particularly in regard to auditor independence. The initial
response of the Australian Government was to commission the Ramsay
Report29 to investigate auditor independence, which was released in October
2001.30 In 2002 the Australian Securities and Investments Commission (ASIC)
released the findings of an auditor independence survey of the top 100
Australian companies.31 It was found that most companies used the same audit
firm to provide non-audit services and all except two of the responding
companies did not have an audit committee.32
The Treasury then issued a discussion paper (CLERP 9 discussion paper) in
September 2002 reviewing audit regulation,33 which was, besides some of the
28 Art 53 section 1 of Directive 2006/43/EC of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC, OJ [2006] L157/87.
29 Ramsay, The Independence of Australian Company Auditors (Report to the Minister for Financial Services and Regulation, Melbourne, October 2001).
30 Brooks, Chalmers, Oliver & Veljanovski “Auditor independence reforms: Audit committee members' views” (2005) 23 C&SLJ 151, 152.
31 Australian Securities and Investments Commission, ASIC Announces Findings of Auditor Independence Survey (Press Release 02/13, 16 January 2002) http://www.asic.gov.au.
32 Ibid.33 Department of the Treasury, Corporate Disclosure: Strengthening the Financial Reporting
Framework (2002) (CLERP9) http://www.treasury.gov.au/contentitem.asap?pageld+035& ContentID=403.
12/53
conclusions and recommendations presented in the HIH Royal Commission
Report, followed in due course by the Federal Government with the CLERP 9
(Audit Reform and Corporate Disclosure) Draft Bill in October 2003. The
Corporate Law Economic Reform Program (Audit Reform and Corporate
Disclosure) Act 2004 then came into operation in July 2004, mainly by
amending the Corporations Act 2001 in regard to auditor independence and
accounting and auditing oversight.
The ASX Corporate Governance Council further released its Principles of Good
Corporate Governance and Best Practice Recommendation (ASX Principles) in
March 2003 as in principle a 'comply or explain regime' for listed companies.34
The ASX Listing Rules for the top 500 Australian listed entities have been
amended to the extent that the establishment of an audit committee is
mandatory for these issuers, save that more detailed rules in regard of its
composition are mandatory only for the top 300 entities of the S&P/ ASX All
Ordinaries Index.35
D. New Zealand's Response
In New Zealand a discussion was as well triggered whether or not the
structures of corporate governance should be overhauled in a way similar to
those in the U.S., the EU, and Australia, particularly as far as the reliability of
financial disclosures is concerned. In May 2003, the New Zealand Securities
Commission commenced a consultation process in order to identify areas which
were being regarded as in need of modernization. The Securities Commission
identified during this process nine key areas, among others risk management,
auditing, and the establishment of board committees.36 This resulted in the
issue of the Securities Commission's Corporate Governance in New Zealand:
Principles and Guidelines of 16 February 2004 (NZ Corporate Governance
34 ASX Corporate Governance Council, ASX Good Corporate Governance and Best Practice Recommendations (31 March 2003).
35 ASX Listing Rule 12.736 Farrar, Corporate Governance: Theories, Principles, and Practice (2nd edition, Oxford
University Press, South Melbourne (Victoria), 2005) p 226.
13/53
Guidelines).37
The Security Commission’s approach to corporate governance depends in the
first place on disclosure of corporate governance practices by entities reporting
to shareholders and other stakeholders.38 But the nine principles listed in the NZ
Corporate Governance Guidelines are relatively vaguely formulated. This may
follow from the fact that they are meant to be applicable not only to listed
issuers, but also other issuers, state-owned enterprises, community trusts, and
public sector entities.39 The guidelines for the application of the nine principles
provide more detailed instruction, but issuers have to report only against the
principles.40
As far as issuers listed on the New Zealand Stock Exchange (NZX) are
concerned, these were expected by the Securities Commission to be likely to
addressing all issues covered by the Corporate Governance Guidelines under
NZX Listing Rules.41 Expressly, it was not intended by the Securities
Commission to impose a dual reporting regime for listed companies.42 In August
2003 the NZX has amended the NZX Listing Rules in regard to audit
committees of listed issuers as well as certain auditor independence
requirements. A Corporate Governance Best Practice Code (NZX Code) has
been added as Appendix 16 to the Listing Rules. The NSX Code sets out best
practices for various corporate governance matters including the composition
and operation of board committees. Although compliance with the NZX Code is
not mandatory, a listed issuer is required under NZX Listing Rule 10.5.3(i) to
disclose in its annual report whether the corporate governance principles
adopted by it differ materially from those set out in the NZX Code. Furthermore,
the Institute of Chartered Accountants of New Zealand (ICANZ) has established
its Code of Ethics of June 2003 as 'authoritative guidance on minimum
37 New Zealand Securities Commission, Corporate Governance in New Zealand: Principles and Guidelines (Securities Commission, Wellington, 2004).
38 New Zealand Securities Commission, ibid., p 5.39 Ibid, p 4. 40 Ibid, p 5.41 Ibid.42 Ibid, p 6.
14/53
acceptable standards', where further independence requirements for auditors
have been established.43
III. Comparison of Core Provisions
In the following paragraphs regulations in the U.S., EU, Australia and New
Zealand in regard to the four identified 'lines of defence' against corporate
malpractice concerning financial reporting and auditing will be introduced and
compared.
A. Internal Control
Internal control of a company concerns information and management of risks
and opportunities affecting value creation or preservation and therefore
affecting the company's (future) financial statements.44 Risk in this sense
concerns four different, but interconnected aspects which can influence the
company's capability to reach its defined financial goals as communicated to,
and then expected by investors:
(1) Strategy: Implementing a strategy by senior management and the
board of directors to reach defined goals;
(2) Operations: Effective and efficient use of a company's resources in its
operations;
(3) Finance: Reliability of a company's internal and external reporting,
and
(4) Compliance: General compliance with applicable laws and regulations
by directors, management, and staff.45 43 Institute of Chartered Accountants of New Zealand, Code of Ethics (ICANZ, Wellington, June
2003, as of October 2006) Introduction 1.44 Steinberg, Miles, Everson, Frank, Martens & Nottingham, Enterprise Risk Management -
Integrated Framework/Executive Summary (Committee of Sponsoring Organizations of the Treadway Commission, September 2004) p 3, www.aicpa.org at 24 June 2008).
45 Ibid., p 4.
15/53
Hence the purpose of internal control is that of determining general integrity and
compliance of all material activities of the company. Therefore it must be global
in nature and integrating all units which organizationally or geographically may
be separate, processing real- time, and reporting comprehensively at all
management levels.46
SOX assures that a public company's management can be held responsible for
financial representations in their companies reports. The Act requires the chief
executive officer (CEO) and the chief financial officer (CFO) of a public
company to certify in periodic reports containing financial statements filed with
the SEC the appropriateness of financial statements and disclosures to the
extent that the company's operations and financial condition are fairly
represented (Section 302 SOX).47 These far reaching requirements are
supported by a threat of quite severe criminal fines.48
In close connection with the requirement of certification of financial statements
by senior management, Section 404 SOX further establishes a duty for public
companies that its annual reports have to be accompanied by a statement by
company management that management is responsible for creating and
46 Chorafas, IFRS, Fair Value and Corporate Governance (Oxford, CIMA, 2006) p 409- 410.47 In particular, the CEO and the CFO must certify in each annual or quarterly report that (1)
the signing officer has reviewed the report; (2) the report does not, based on the officer's knowledge, contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made misleading; (3) the financial statements, and other financial information included in the report, based on the officer's knowledge, fairly present in all material respects the financial condition and results of operations of the issuer for the financial periods presented in the report; (4) the signing officers are responsible for establishing and maintaining internal controls and have designed such internal controls to ensure that material information relating to the company and its consolidated subsidiaries is made known to such officers by others within those entities, and that they have evaluated the effectiveness of the company's controls; (5) the signing officers have disclosed to the company's auditors and the audit committee all significant deficiencies in the design or operation of internal controls which could adversely affect the company's ability to record, process, summarize, and report financial data and have identified for the auditors any material weaknesses of internal controls as well as any fraud, whether material or not, that involves management or other employees who have a significant role in the issuer's internal controls, and (6) the signing officers have indicated in the report any significant changes in the internal controls.
48 Fine up to US$ 1 million/ 10 years prison or up to US$ 5 million/ 20 years prison for any willfully wrongdoing (Section 906 SOX).
16/53
maintaining adequate internal controls which have to be assessed as regards
effectiveness by the company's external auditors within the audit of the public
company.49 However, without such an internal control system, senior
management would in fact not be able to certify the appropriateness of financial
statements without the risk of severe criminal penalties.
As the proper functioning of internal controls of public companies in Europe is
concerned, the European 'legislator' applies an approach that is different from
that in SOX and takes into account Europe's legal traditions, after which the
board as a whole is bearing responsibility for the proper oversight of internal
risks of the company.50 In this regard, Directive 2006/43/EC does not include
wholly new provisions to be applied by Member States, though Section 22 of
the Preamble to the Directive states: '(…) effective internal control systems
contribute[s] to minimise financial, operational, and compliance risks and
enhance the quality of financial reporting.' Accordingly, the Directive requires
the audit committee (or alternative body) of listed entities to monitor the
effectiveness of the company’s internal control and risk management systems.51
Further, Article 41 Section 4 of the Directive requires the auditor of a 'public-
interest entity'.52 to report to the audit committee on material weaknesses in
internal control systems in relation to the financial reporting process. The
requirement of listed companies to publish an annual corporate governance
statement must in addition include a description of the main features of any
existing risk management and internal control system in relation to the financial
reporting process.53
49 Hamilton & Trautmann, Sarbanes-Oxley Act of 2002 (Chicago, CCH Inc., 2002) p 65.50 European Commission, Preventing and Combating Corporate and Financial Malpractice
COM (2004) 611 final.51 European Corporate Governance Forum Statement on Risk Management and Internal
Control (Brussels, June 2006) http://ec.europa.eu/internal_market/company/docs/ ecgforum/statement_internal_control_ en.pdf at 7 August 2008.
52 As defined in Article 2 section 13 of the Directive 2006/43/EC: Entities established under the law of a Member State whose transferable securities are admitted to trading on a regulated market of any Member State within the meaning of section 14 of Article 4(1) of Directive 2004/39/EC; credit institutions; insurance undertakings; and other entities designated as public interest entities by Member States, due to their significant public relevance because of their size, the nature of their business, or the number of their employees.
53 European Corporate Governance Forum, Statement on Risk Management and Internal Control (Brussels, June 2006) http://ec.europa.eu/internal_market/company/docs/ ecgforum/statement_internal_control_ en.pdf at 7 August 2008.
17/53
Similarly in contrast to SOX, the implementation of an effective internal control
system is not yet generally mandatory for Australian public companies. But to
encourage management accountability in relation to the company's financial
reports, recommendation 4.1 to the ASX Principles proposes a listed entity to
require its CEO and the CFO to state in writing to the board that the company's
financial reports present, in accordance with applicable accounting standards, a
true and fair view of the company's financial condition and operational results.
This recommendation is linked to recommendation 7.2 of the ASX Principles,
after which the CEO and the CFO should be required to state in writing that a
sound system of risk management and internal compliance and control is in
place, operating efficiently and effectively in all material respects.54 The content
of these recommendations has obviously been obtained from Sections 302 and
404 SOX, save that senior management should report to the board of directors,
not to ASIC as the Australian equivalent to the SEC, and save that there is a
stark contrast between the criminal penalty threat under SOX and the nature as
a recommendation under ASX Listing Rules.
The board of director's duty to monitor establishment and implementation of a
risk management and control system by company management is
recommended under point 7.1 of the ASX Principle to be supported, instead of
external auditors, by the internal audit department in the first place. As
appropriate procedures are concerned, the ASX Principles refer to standard
AS/NZS 4360 'Risk Management within the Internal Audit Process.55 It is then
regarded as a task to the audit committee to monitor the internal audit function
independently from management.56 Of course, the evaluation of proper internal
control and risk management systems is then part of the external audit as well.
As set out in Principle 6 of New Zealand Securities Commission's NZ Corporate
Governance Guidelines, the board should regularly verify that the entity has
54 ASX Corporate Governance Council, ASX Good Corporate Governance and Best Practice Recommendations (31 March 2003).
55 Issued by the Institute of Internal Auditors Australia and Standards Australia in 2002.56 ASX Corporate Governance Council, supra.
18/53
appropriate processes that identify and manage potential and relevant risks.
Thus, internal controls as effective risk management processes will generally be
required as to accommodate the types of risks that the entity is likely to face,
including legal compliance, financial, operational and, additionally mentioned,
technological and environmental risks.57 NZX Listing Rule 3.6.3 (a) further
establishes responsibility of the audit committee to ensuring that internal control
processes are in place so that the board of directors is properly and timely
informed on corporate financial matters.
Equivalent provisions to those in the U.S. under SOX in regard to internal
control mechanisms and management responsibility for financial statements
have not been implemented in any other of the three jurisdictions. This has had
good reason. The SOX regulations concerning internal control mechanisms and
management responsibility for financial statements have been blamed for at
least partially being responsible for a decline of dominance of the American
capital markets as foreign company management would not be too enthusiastic
about the threat of severe criminal penalties in cases of even negligent financial
misstatements and may, if in doubt, prefer to offer common stock at other
financial centres.58 In addition, the requirement to implement an internal control
system, including reporting procedures and infrastructure, has a significantly
increasing effect on accounting and general compliance costs for public
companies in the U.S.59 On the other hand, it has been shown, that the annual
costs to maintain such systems regularly decline after their initial
implementation and add value to a company as they enhance the quality of
internal controls.60 However, this argument may support a business decision to
invest in a more sophisticated control system, but not its mandatory introduction 57 New Zealand Securities Commission, Corporate Governance in New Zealand: Principles
and Guidelines (Securities Commission, Wellington, 2004) p 19.58 Cox, “New wind blows across US securities regulatory landscape” (2007) 81 ALJ 297.59 The SEC had first been estimating that its proposed rules would require additional 5 hours
per issuer in connection with each quarterly and annual report. After receiving some feed-back in regard to its assumption the SEC's final rule revised the estimate to "around . . . US$ 91,000 per company", excluding cost burdens in connection with the auditor's attestation. As of mid-2005, costs in fact were at $ 4.36 million on average per company. Ribstein, “Sarbanes-Oxley After Three Years” (2005) 3 NZ Law Review 365, 380; but in 2006 these costs declined to US $2.9 million on average per public company (The Economist Five years under the thumb – Sarbanes-Oxley (London 28 July 2007 Vol. 384, Iss. 8539) p 76.
60 The Economist Five years under the thumb – Sarbanes-Oxley (London 28 July 2007 Vol. 384, Iss. 8539) p 76.
19/53
and its oversight by public authorities. In this regard, the views in the EU and
Australia seem to prevail as the matter of internal risk may better be handled
between management, board and shareholders on the base of evaluations by
internal and external auditors within the mechanisms of private company law
alone. In particular because of widely different company structures and different
general exposures of companies to different kinds of risk, it does not seem
reasonable to establish standards for internal risk management systems by
public authorities. More flexible market forces may be in a better position to
secure that appropriate internal control mechanisms are in place.
B. Auditor Independence
An audit is the process by which an auditor as a competent independent person
expresses an opinion on whether a financial report which has been prepared by
a company is in all material respects in accordance with an identified financial
reporting framework.61 It is a process of systematic verification of books and
accounts, including vouchers and other financial or legal records of the audited
entity.62 The focus of this process had traditionally been the proper application
of accounting standards, but has been extended to cover also internal control
mechanisms including organisational and operational issues.63 Thus, an audit
enhances credibility of a company’s proper risk management, reliability of its
financial reports, and provides stakeholders with an assurance as to the
reliability of the information provided.
The auditor's independence is therefore an essential part of the very definition
of this whole process.64 Accordingly, the issue of auditor independence is at the
centre of the SOX legislation.65 Public confidence in the integrity of financial
statements of public companies is based on the belief in the independence of
61 Ladakis, “The auditor as gatekeeper for the investing public: Auditor independence and the CLERP reforms – a comparative analysis” (2005) 23 C&SLJ 416, 417.
62 Chorafas IFRS, Fair Value and Corporate Governance (Oxford : CIMA, 2006) p 443.63 Ibid.,p 443.64 Ladakis, supra.65 Hamilton & Trautmann, Sarbanes-Oxley Act of 2002 (Chicago, CCH Inc., 2002) p 46.
20/53
the auditor from his client which has two sides. As far as audit services and
certification must be secured before an issuer of securities can go to market
and have his securities listed on a stock exchange, and to comply with statutory
reporting requirements, this grants a franchise to public accountants, since their
services are essential and necessary for access to the public capital market.
This franchise is conditional in that the public auditor is assumed in the U.S. to
certify public financial reports with ultimate allegiance to the company's
creditors and stockholders as well as the investing public.66 The public auditor
must therefore maintain total independence from the client at all times and
complete fidelity to the public trust.67 SOX comprises detailed rules to safeguard
compliance with these latter requirement as will be shown in more detail under
sub- paragraphs (a) to (d).
As the independence of statutory auditors is concerned, the European
Commission issued its Recommendation on Statutory Auditors' Independence
on 16 May 2002.68 This recommendation included already most of the issues
raised by the SOX legislation, but led to different, and less harsher proposals.
However, the non- binding character of this measure was later regarded as
insufficient. Instead, the European Commission proposed, after an extensive
debate between the Commission, the HLGCLE, Member State's governments
and the Committee on Auditing, a new directive on statutory audits that was
adopted as Council Directive 2006/43/EC on 17 May 2006 and amended the
Fourth and the Seventh Company Law Directive and replaced the Eighth
Company Law Directive on statutory auditing in the European Union.69
As stated in Section 11 of the Preamble to Directive 2006/43/EC, statutory
auditors and audit firms should be independent when carrying out statutory
audits. Although they may inform the audited entity of matters arising from the
audit, they should not partake in any internal business decision of the audit
66 Hamilton & Trautmann, Sarbanes-Oxley Act of 2002 (Chicago, CCH Inc., 2002) p 47.67 US Supreme Court CT 1984, 1983-84 CCH Dec. 99, 721.68 European Commission, Recommendation 2002/590/EC Statutory Auditors' Independence in
the EU: A Set of Fundamental Principles.69 OJ [2006] L157/87.
21/53
client. Thus, as provided for in Article 22 of the Directive, Member States shall
ensure in their national laws that a statutory auditor may not carry out a
statutory audit if there is any direct or indirect financial, business, employment
or other relationship between the statutory auditor, audit firm or audit network
and the audit client from which an objective, reasonable and informed third
party would conclude that the statutory auditor's independence is compromised.
If the statutory auditor's independence is affected, the statutory auditor must
apply safeguards in order to mitigate those threats. The statutory auditor must
not carry out the audit if the threats remain despite application of available
safeguards. Article 24 of the Directive further requires Member States to ensure
that the owners or shareholders of an audit firm as well as the members of the
administrative, management and supervisory bodies of such a firm, or of an
affiliated firm, do not intervene in the execution of a statutory audit in any way
which jeopardises the independence and objectivity of the statutory auditor who
carries out the audit.
In Australia there had formerly not been a blanket requirement of auditor
independence. The Ramsay Report70 recommended this requirement which
was then implemented. Sections 324CA, 324CB, and 324CD Corporations Act
2001 now provide that an auditor is not independent if the auditor might be
impaired, or a reasonable person with full knowledge of the relevant facts and
circumstances might form an opinion that the auditor is impaired, in the
auditor’s exercise of the objective and impartial judgement on all matters arising
from the auditor’s engagement.71 Besides this general statement, a non-
inclusive list of core circumstances which necessarily are to be regarded to
mean that an auditor is not independent due to a conflict of interest preventing
an auditor or audit firm from providing audit services at the same time are: Any
employment relationship between auditor and auditing client, any financial
relationship, and any business relationship as further defined in Section 324 CE
(7) and Section 324 CF (7) Corporations Act 2001. The importance of auditor
independence is further acknowledged within CLERP9 as implemented by the
70 Ramsay, The Independence of Australian Company Auditors (Melbourne, October 2001).71 Brooks, Chalmers , Olive & Veljanovski, “Auditor independence reforms: Audit committee
members' views” (2005) 23 C&SLJ 151, 158.
22/53
Audit Reform and Corporate Disclosure Act 2003 in that an auditor provide a
written declaration to the board of directors, confirming compliance with the
independence requirements of the Act, and the profession’s code of
professional conduct, any contravention of which will be subject to strict liability
(Section 307C Corporations Act 2001). If independence requirements are
endangered, the auditor or audit firm must ensure not to continue to engage in
audit activities under those circumstances (Sections 324 CE Subsections (1) d)
and 324 CF Subsections (1) d) Corporations Act 2001, respectively). Within 7
days after recognising a possible conflict of interests, the auditor or audit firm
must give notice to ASIC under Section 324 CE (1A)(e) or Section 324 CF
(1A)(e) Corporations Act 2001, respectively. ASIC will then forward this notice
to the board of directors of the audit client under Section 324 CE (1D) or
Section 324 CF (1D) Corporations Act 2001, respectively.
In New Zealand Section 204 Companies Act 1993 requires the auditor of a
company to avoid any conflict of interest by ensuring when carrying out his
duties, that his judgment is not impaired by reason of any relationship with, or
interest in, the company or any of its subsidiaries. This more subjective
approach is then complemented objectively by Section 199 (2) Companies Act
1993, which sets out that a director or employee of a company as well as a
partner or employee of a director or employee of the company may not be the
auditor of that same company. Obviously this approach is much weaker than
those in the other three jurisdictions as only employment and business links
between client and auditor are addressed. However, the New Zealand
Securities Commission considers external auditing as critical for integrity in
financial reporting which it views as depending upon auditors observing the
professional requirements of independence, integrity, and objectivity.72 Principle
7 of NZ Corporate Governance Guidelines sets out the board of directors
should ensure the quality and independence of the external audit process.
Some guidelines are further given to specific aspects of auditor independence.
Similar provisions are set out in the NZX Code at 3.1 to 3.6 and in the
72 New Zealand Securities Commission, Corporate Governance in New Zealand: Principles and Guidelines (Securities Commission, Wellington 2004) page 21.
23/53
NZSX/DX73 Listing Rule 3.6 as part of the rules in regard to audit committees.
Apart from that, maintenance of auditor independence is left to the profession's
self regulation, in particular the ICANZ Code of Ethics.74
Paragraph 35 of the Code of Ethics defines independence as follows:
'Independence is:
(a) Independence of mind — the state of mind that permits the provision of an opinion without being affected by influences that compromise professional judgement, allowing an individual to act with Integrity and exercise Objectivity and professional scepticism; and
(b) Independence in appearance — the avoidance of facts and circumstances that a reasonable and informed third party, having knowledge of all relevant information, including safeguards applied, would reasonably conclude a firm’s or a member of the assurance team’s Integrity, Objectivity or professional scepticism had been compr[o]mised.'
Sub- paragraph (b) of this definition is, in contrast to the Companies Act 1993,
similar to those in the other three jurisdictions in that it takes an objective
approach in its definition of 'independence in appearance', whereas the first part
of the definition in subparagraph (a) is more of an ideational nature, impossible
to control. The principle of 'independence' is placed after the principles of
'objectivity', defined under paragraph 32 as 'a state of mind which has regard to
all considerations relevant to the task in hand but no other', resulting in an
'obligation [...] to be fair, impartial and intellectually honest', and 'integrity',
which, according to paragraph 16, 'implies not merely honesty but fair dealing
and truthfulness'. Thus, independence is accompanied by these principles with
a more positive content, for which's achievement independence is a
precondition. However, the Code of Ethics does not provide for detailed rules of
objectivity, integrity, or independence.
73 As regards issuers within the NZSX and NZDX indices, and not issuers within NZAX.74 Cheung & Hay, “Auditor Independence: The Voice of Shareholders” University of Auckland
Business Review, Spring 2004, p 67, 68.
24/53
(1) Non- Audit Services
SOX introduced measures aiming at strengthening public auditors
independence by seriously separating between audit and non-audit services.
There lies already an inherent conflict in the fact that an auditor is paid by a
company for which the audit is being performed. An even more substantial
conflict developed in the last decades preceding the SOX legislation where
management consulting services offered by major accounting firms had grown
rapidly and thereby eroded the independence that an auditor must be expected
to maintain. A conflict of interest is also bound to arise whenever other
substantial non-auditing services are provided by the auditing firm, especially
where the accompanying fees are significant. Non- audit services in the sense
of SOX accordingly means any professional services provided to a company by
a registered public accounting firm other than services connected with an audit
or a review of the financial statements of an issuer of securities.75 Although
accounting firms may be divided into units to perform different tasks, the firms
may remain reluctant to uncover any errors in financial statements that they
have prepared.
The simultaneous provision of non-auditing services in deed may contribute to
the risk of 'audit failure', as the auditors are likely to be keen to retain profitable
positions of appointment and the accompanying fees.76 Proponents of the
provision of simultaneous audit and non- audit services rather suggest,
however, that non-auditing services provide an accounting firm with the
expertise to better understand a client’s business and an added income which
leads to greater independence.77 But this argument is not convincing as it
contradicts the very definition and function of the auditor as a third party
between the company's board and senior management (control) and its
shareholders (ownership). In addition, empirical evidence has recently been
75 Hamilton & Trautmann, Sarbanes-Oxley Act of 2002 (Chicago, CCH Inc., 2002) p 48.76 Ladakis, “The auditor as gatekeeper for the investing public: Auditor independence and the
CLERP reforms – a comparative analysis” (2005) 23 C&SLJ 416, 421.77 Kim, “Recent Developments: Sarbanes-Oxley Act” (2003) 40 Harvard Journal on Legislation
235, 244.
25/53
provided, that, for example, internal control weaknesses are more likely to be
identified, if auditors of a public company provide less non- audit services.78
SOX therefore establishes a separation between audit and non- audit services
to draw a line around a limited list of non- audit services that accounting firms
may in principle not provide to public company audit clients, because that would
create a fundamental conflict of interest.79
The list of prohibited non- audit services in Section 201 SOX is based on simple
and compelling principles.80 First, an accounting firm should not audit its own
work for which it has been paid by the audit client. Therefore the list includes
bookkeeping services, financial information systems design, appraisal or
valuation services, actuarial services, and internal audit outsourcing services.
Second, the accounting firm should not take part in management decision
making or be in any employment position to the audit client.81 Thus, human
resources services such as recruiting, hiring, and designing compensation
packages for officers, directors, and managers of an audit client are in principle
prohibited. Third, the accounting firm should not at the same time act as an
advocate of the audit client.82 This would be the case if the accounting firm
provided legal and expert services in legal, administrative, or regulatory
proceedings, or serving as broker- dealer, investment adviser, or investment
banker, which places the auditor in the role of promoting an audit client's
common stock.
No limitations are placed on accounting firms in providing non- audit services to
public companies that they do not audit or to any private companies, as SOX
aims at assuring the auditor's independence and not at putting an end to the
provision of such services by public accounting firms.83
78 Yan Zhang Jian Zhou Nan Zhou, “Audit committee quality, auditor independence, and internal control weaknesses” Journal of Accounting and Public Policy 26 (2007) 300.
79 The PCAOB is given authority to make exemptions on a case-by-case basis, where it believes that to be in the public interest and consistent with investor protection (Section 201b SOX). Other non- audit services than listed in that section, including tax advisory services, may be provided only if pre-approved by the PCAOB (Section 201 a '(h) SOX).
80 Hamilton & Trautmann, Sarbanes-Oxley Act of 2002 (Chicago, CCH Inc., 2002) 49.81 Ibid.82 Ibid, p 50.83 Sarbanes (Banking Committee, Washington DC, 8 July 2002, Cong. Rec., page S6332)
26/53
In Europe, the provision of non- audit services by a public company auditor was
already identified as a severe risk to the auditor's independence in the 2002
Commission Recommendation on auditor independence.84 In the case of any
threat to the auditor's independence by the parallel provision of non- auditing
services by the auditor or auditing firm, at least safeguards were recommended
to be applied by the auditor in order to mitigate those threats. These may for
example have the shape of so called 'chinese walls' between different
departments of an audit firm. If adequate safeguards are not available, the audit
may not be carried out by that same auditor, or audit firm.
Later on, Directive 2006/43/EC provided for binding rules on auditor
independence to be implemented by Member States. However, as far as non-
audit services are concerned, it is not exactly clear, when, in accordance to
Article 22 section 2 of Directive 2006/43/EC, they exactly qualify as a threat to
the auditor's independence. But the Directive mentions that any case of self-
review, self-interest, and advocacy must be taken into account since these
situations do lead to the assumption that the auditor's independence is under
threat. This directly reflects the three principles resulting in the list of prohibited
non- audit services in Section 201 SOX as described above, but without
providing as detailed rules. As far as statutory audits of 'public-interest entities'85
are concerned and 'where else appropriate to safeguard the statutory auditor's
or audit firm's independence', a statutory auditor or an audit firm may in general
not carry out a statutory audit in cases of self-review or self- interest. This
proscribes in particular bookkeeping services for the audit client and substantial
non- audit services leading to a significant impact on the auditor's income
stream that may affect the ability to judge independently. The latter will foremost
be the case if substantial management consulting services are being provided
by the auditor or the auditing firm. Article 42 section 1 of Directive 2006/43/EC
furthermore instructs Member States to implement provisions into their
domestic law safeguarding that statutory auditors confirm annually to the audit
committee their independence from the audited public- interest entity and
84 European Commission, Recommendation 2002/590/EC, Statutory Auditors' Independence in the EU: A Set of Fundamental Principles .
85 As defined in Article 2 paragraph 13 of the Directive 2006/43/EC (see fn. 52).
27/53
disclose annually to the audit committee any additional services they may have
provided.
In Australia CLERP9 requires, according to the recommendations in the
Ramsay Report,86 that the annual report identify the provision of all non-audit
services and their applicable fees, together with an explanation of why they do
not compromise auditor independence.87 However, already at the time of the
legislative proposal many companies had developed policies in this area and
had pro- actively made these disclosures in their financial reports.88 In addition,
Section 324 CE (6) and Section 324 CF (6) Corporations Act set a time limit for
individual auditors and individual auditors of audit firms of 10 hours work on
non- auditing services within the 12 month preceding the audit report and within
the period for which the audited financial report has been prepared. Apart from
that, most principles reflected by the list in Section 201 SOX are part of the
general definition of auditor independence as described above.
The New Zealand Securities Commission regards as being essential, that an
accounting firm should not undertake any work for an audit client that
compromises, or is seen to compromise, the independence and objectivity of
the audit process. However, the Securities Commission suggests that boards of
directors themselves need to consider this question in the context of their
entity.89 In guideline 7.5 of New Zealand Securities Commission's Principles and
Guidelines it is therefore solely proposed that boards of issuers should report
annually to shareholders and stakeholders on the amount of fees paid to the
auditors, differentiated between fees for audit and fees for individually identified
non- audit services, including an explanation why non- audit services
undertaken by the auditor did not compromise their independence.
86 Ramsay, The Independence of Australian Company Auditors (Report to the Minister for Financial Services and Regulation, Melbourne, October 2001) p 10 -11
87 Brooks, Chalmers, Oliver & Veljanovski, “Auditor independence reforms: Audit committee members' views” (2005) 23 C&SLJ 151, 160.
88 Schelluch & Gay, “The impact of the proposed CLERP 9 legislation on the auditing profession” (2004) 22 C&SLJ p 280, 281.
89 New Zealand Securities Commission, Corporate Governance in New Zealand: Principles and Guidelines (Securities Commission, Wellington 2004) p 21.
28/53
(2) Audit Partner Rotation and Cooling - off Period
Rather than requiring issuers to rotate their accounting firms as had been
discussed within the legislative procedure in regard to SOX, to provide public
companies with assumed benefits that accrue with a new accountant with a
fresh and skeptical view on the company's financial statements, registered
public accounting firms are required to rotate its lead partner90 or coordinating
audit partner and its review partner91 on audits to the effect that neither role is
performed by the same person for the same client for more than five
consecutive years (Section 203 SOX). Section 206 SOX further places a
prohibition on an accounting firm providing audit services for a public company
if a former employee of the firm, involved with the audit of that company during
the one- year period preceding the audit initiation date, is now a CEO, financial
officer, controller or in an equivalent position to that company.
Directive 2006/43/EC as well provides in Article 42 section 2 for the key audit
partner/s responsible for carrying out a statutory audit to rotate from the audit
engagement, but within a maximum period of seven years from the date of
appointment. Before engaging in the audit of the same entity again, a period of
at least two years must have been completed. Article 42 section 3 of the
Directive further obliges Member States to ensure that key auditors or audit
partners carrying out or being responsible for a statutory audit of a 'public
interest entity' may not take up a key management position in the audited entity
before a period of at least two years has elapsed since his resignation as a
statutory auditor or key audit partner from the audit engagement.
In Australia, CLERP9 mandates a five-year, in exceptional cases seven year
rotation of persons who have played a significant role in the audit of a listed
auditing client, such as individual auditors, lead auditors and review auditors
90 The lead partner is the partner who is in charge of the audit engagement. 91 The review partner is the outside partner brought in to review the work done by the lead
partner's audit team.
29/53
(Section 324 DA Corporations Act).92 CLERP9 also introduced a two-year
cooling-off period for lead or review auditors before they can become an officer
of the audit client (Sections 324CI and 324CJ Corporations Act).
The New Zealand Securities Commission regards rotation of auditors as
important to promote independence and objectivity over time, but considers at
the same time the costs that are caused in addition when a new auditor is
engaged. Therefore guideline 7.4 suggests, in accordance with international
developments as described above, that an issuer’s audit should not be led by
the same audit partner (i.e. lead and engagement audit partners) for more than
five consecutive years.93 The NZSX/DX Listing Rule 3.6.3.(f) establishes the
audit committee's responsibility for compliance with this recommendation. A
cooling- off period for auditors before taking up a management position in a
former client company has not yet been implemented in New Zealand.
(3) Pre-approval of Services by, and Reporting to the Audit Committee
SOX requires that all audit services and admissible non- audit services must be
pre-approved by the audit committee to protect investors against disguised
conflicts of auditor's interests (Section 202 '(i) '(1) 'A SOX). Non- audit services
provided by firms other than the company's auditor do therefore not need to be
pre- approved. The Act does also not limit the number of, or hours to spend on
non- audit services provided by the auditor, but prescribes that each non- audit
service be specifically identified in order to be approved by the audit committee.
Auditors are further required by SOX to report in a timely manner directly to the
audit committee to ensure awareness of the audit committee of key
assumptions underlying the company's financial statements and of
disagreements between management and the company's auditor (Section 204
SOX). This must include critical accounting policies or practices, possible
alternative treatments of financial information within US-GAAP as discussed
92 Schelluch & Gay, “The impact of the proposed CLERP 9 legislation on the auditing profession” (2004) 22 C&SLJ p 280, 281.
93 New Zealand Securities Commission, Corporate Governance in New Zealand: Principles and Guidelines (Securities Commission, Wellington 2004) p 21.
30/53
with management, any disagreements between management and auditor
regarding accounting practices, and any other material written communication
between management and auditor.
Instead of the audit committee as provided for in SOX, in accordance with
Article 37 section 1 of Directive 2006/43/EC, in Europe the auditors are to be
appointed by the general meeting of the company after proposal by the board or
supervisory board, respectively. A conflict of interest may therefore arise
between the auditor’s duty to shareholders and the investing public and his
interest to remain in his position, because that depends upon according
proposals of the board or supervisory board to the general meeting.94 Pre-
approval by the audit committee of non- audit services provided by the auditor
or audit form is not required. In the case of a 'public- interest entity', where
establishment of an audit committee or equivalent body is mandatory, pursuant
to Article 41 section 4 of Directive 2006/43/EC, Member States must provide in
their national laws that statutory auditors report to the audit committee of the
entity or any equivalent corporate committee (Article 41 section 5 of the
Directive).
In a similar way as in Europe, auditors are appointed by the general annual
meeting in Australia (Section 327 Corporations Act 2001), relying on
recommendations made by the board.95 Thus, although, in theory, the
shareholders appoint an auditor, in practice, the company’s directors or senior
management determine the placement, as is the case in Europe. Approval of
non- audit services by the audit committee is as well not required.
The Australian Stock Exchange’s Principles of Good Corporate Governance96 of
31 March 2003 in relation to composition, operation and responsibility of audit
94 Ladakis, “The auditor as gatekeeper for the investing public: Auditor independence and the CLERP reforms – a comparative analysis” (2005) 23 C&SLJ 416 p 420.
95 Ladakis, “The auditor as gatekeeper for the investing public: Auditor independence and the CLERP reforms – a comparative analysis” (2005) 23 C&SLJ 416, p 420- 421
96 ASX Corporate Governance Council, ASX Good Corporate Governance and Best Practice Recommendations (31 March 2003).
31/53
committee are mandatory for entities included in the top 300 of the S&P All
Ordinaries Index at the beginning of its financial year.97 The listing rules require
the audit committee to report to the board of directors, but do not include
detailed rules in regard to the recipient of the auditor's report, though they
recommend that the required charter for the committee should give audit
committee members direct and independent access to internal and external
auditors (recommendation 4.4). Thus it may be concluded from these
provisions, that auditors should report to the audit committee. Listed entities
that are not in the S&P All Ordinaries Index are only required to disclose in their
annual report whether or not they had an audit committee and whether or not its
composition, operation and responsibilities complied with the best practice
recommendations.
The New Zealand Securities Commission regards the audit committee as
crucial in selecting and recommending board and shareholder appointment of
auditors, and in overseeing all aspects of their work, as stated in the Securities
Commission's remarks to principle 7 of its Principles and Guidelines.98
However, according to Sections 196 and 198 Companies Act 1993, it is also the
annual general meeting to appoint the company's auditor after proposals from
the board of directors towards which the audit committee may give
recommendations. The latter is mandatory under NZSX/DX Listing Rule 3.6.3
(b). Section 200 Companies Act 1993 further provides for an automatic
reappointment of the auditor if no contrary decision of the general meeting or
disqualifying circumstances in the sense of Section 199 Companies Act 1993
occur, thereby weakening transparency and shareholder control over the
person of the company's auditor even further. As is the case in Europe and
Australia, pre- approval of non- audit services by the audit committee is not
required. Section 7.3 of New Zealand Securities Commission's Principles and
Guideline states that the board should 'facilitate full and frank dialogue among
its audit committee, the external auditors, and the company's management.'99
97 ASX Listing Rule 12.7.98 New Zealand Securities Commission, Corporate Governance in New Zealand: Principles
and Guidelines (Securities Commission, Wellington 2004) p 22.99 New Zealand Securities Commission, Corporate Governance in New Zealand: Principles
and Guidelines (Securities Commission, Wellington 2004) p 20.
32/53
NZSX/DX Listing Rule 3.6.3 (b) requires the audit committee, in a similarly
opaque way, to having direct communication with, and unrestricted access to,
internal and 'independent' external auditors.
Not only in the U.S., but as well in Europe and Australia far reaching new
regulation in regard to auditor independence has been introduced, based on
detailed rules in the case of the U.S., and based on principles leading to similar
practical effects in the case of the EU and in Australia. As auditor independence
is regarded as decisive for regaining and maintaining investor's confidence in
the reliability and credibility of corporate financial statements, the current
situation in New Zealand is not satisfactory. A general statutory provision in
regard to auditor independence in the case of publicly held companies should
be introduced, comprising clear and binding rules for a separation between
audit and non- audit services and a cooling- off period for lead auditors of at
least 2 years before taking up a position within the client company that could be
offered as an incentive.
C. The Audit Committee
The corporate failures preceding the SOX legislation have further highlighted
weaknesses of company's internal audit committees to police their auditors in a
proper manner and have raised greater awareness of the need for strong and
competent audit committees with real authority.
(1) Management Independence
Detailed rules for the composition and functioning of the audit committee are
now provided in Section 301 SOX. 'Audit committee' is defined to mean a
committee established by and amongst a company's board of directors for the
purpose of overseeing the accounting and financial reporting processes of the
company and audits of its financial statements (Section 2 a (3) SOX). Board
33/53
members of the audit committee may not have any management or consulting
role for the company other than that as the company's board of directors
member. Public companies are further required by SOX to provide their audit
committees with authority and funding to engage independent counsel and
other advisers as the committees deem necessary in order to carry out their
duties. To prevent a situation where a auditor views his main responsibility as
serving the company's senior management rather than its board of directors or
its audit committee, SOX requires audit committees to be directly responsible
for the appointment, compensation, and oversight of the audit process.
As part of the European Corporate Governance and Company Law Action Plan,
the European Commission first issued its general Recommendation on the role
of non-executive or supervisory directors of listed companies and on
(supervisory) board committees of 15 February 2005.100 This Recommendation
establishes rules for the general composition of the board or supervisory board
which is of importance also for the composition of any subcommittee, as the
latter will be composed by selected directors. Section 3.1 of the
Recommendation provides that administrative, managerial and supervisory
bodies of listed companies should include in total an appropriate balance of
executive and non-executive/supervisory directors such that no individual or
small group of individuals can dominate decision-making on the part of these
bodies. Director's independence is defined in Section 13.1 of the
Recommendation as being 'free of any business, family or other relationship,
with the company, its controlling shareholder or the management of either, that
creates a conflict of interest such as to impair his judgement.' Section 5 of the
Recommendation suggests that company boards should be organised in such a
way that a sufficient number of independent non-executive or supervisory
directors play an effective role in key areas where the potential for conflict of
interest is particularly high. This is regarded to be the case as the internal
supervision of management independence of external auditors is concerned.
Therefore, all listed companies in Member States shall in principle, at least on a
100European Commission, Recommendation 2005/162/EC on the role of non-executive or supervisory directors of listed companies and on the committees of the (supervisory) board, OJ [2005] L52/51.
34/53
'comply or explain' basis, establish audit committees, composed not exclusively,
but at least by a majority of non- executive or supervisory directors (Section 41
of Annex I to the Recommendation).
The Recommendation was partially amended respectively completed by
provisions of Directive 2006/43/EC as far as 'public-interest entities' are
concerned.101 Article 41 section 1 of Directive 2006/43/EC provides that each of
these entities must have an audit committee, save that Member States may
permit the functions assigned to the audit committee to be performed by other
separate administrative or the supervisory body as a whole. Section 6 of the
Recommendation sets out that the audit committee should not decide itself
upon matters it is concerned with, but rather to make recommendations aimed
at preparing the decisions to be taken by the (supervisory) board. The purpose
of the committee is therefore to increase the efficiency of the (supervisory)
board by limiting the impact company management may potentially have,
thereby making sure that decisions are based on due consideration and made
free of material conflicts of interest. Accordingly, the (supervisory) board as a
whole remains fully responsible for the decisions taken in the field of financial
reporting, internal control, and auditing.
In Australia as well there had been increasing pressure on companies to
establish independent audit committees. In 2002 already more than 186 of ASX
top-200 companies had audit committees, of which only 26 included executive
directors.102 However, at present there is no statutory recognition of audit
committees in Australia, apart from the Corporations Act 2001 giving directors
under their general powers of management the right to delegate these powers
to a committee of directors, for example to an audit committee.103 In March 2005
the Australian Government explicitly rejected several of the Joint Committee of
Public Accounts and Audit's recommendations, in particular the idea that audit
committees should be mandated in the Corporations Act, on the basis that
101As defined in Article 2 paragraph 13 of the Directive 2006/43/EC (see fn. 52)102Lumsden, “Audit committee membership and its consequences” (2002)20 C&SLJ 340.103Brooks, Chalmers, Oliver, Veljanovski, “Auditor independence reforms: Audit committee
members' views” (2005) 23 C&SLJ 151, 161.
35/53
corporate governance standards should in its opinion not be legislated, referring
to the ASX listing rules.104 Of the top 500 publicly held companies that are
required under the ASX listing rules since May 2004 to have an audit
committee, only the top 300 have to comply with the detailed rules of the ASX
Best Practice Recommendations in relation to composition, operation and
responsibility of audit committees.105 However, it is mandatory for all top 500
issuers since 1 July 2005, that the audit committee must have at least three
members, be comprised only by non- executive directors, at least a majority of
which as well as the chair must be ‘independent’. The chair must not be chair of
the board of directors. Listed entities that are not in the S&P All Ordinaries
Index are only required to disclose in their annual report whether or not they
had an audit committee and whether its composition, operation and
responsibilities complied with the ASX Best Practice Recommendations.106
The ASX Best Practice Recommendation 4: ‘Safeguard integrity in financial
reporting’ requires a company to have a structure that independently verifies
and safeguards the integrity of the company’s financial reporting.107 It is
recommended that an audit committee should oversee the appointment of
auditors and their independence of listed companies.108 From this follows, that
external auditors should communicate directly with the audit committee in
regard to all substantial matters arising from the audit.
In New Zealand, for publicly held companies the establishment of an audit
committee is required under NZSX/DX Listing Rule 3.6.1. The audit committee
must have at least three members, the majority of which must be independent
(NZSX/DX Listing Rule 3.6.2). The committee must have the responsibilities of
recommending the appointment and removal of external auditors, overseeing all
104 Australian Government, Government response to Joint Committee of Public Accounts and Audit, Review of independent auditing by registered company auditors (Australian Government, March 2005, at http://www.aph.gov.au/house/committee/jpaa/indepaudit/ govresp391.pdf.
105ASX Listing Rule 12.7.106ASX Listing Rule 12.7; ASX Corporate Governance Council, ASX Good Corporate
Governance and Best Practice Recommendations (31 March 2003). 107Financial Reporting Council, Report on Auditor Independence 2006-07 http://www.frc. gov.
au/reports/2006_2007_AAIR/ 2006_2007_AAIR-04.asp#P284_39570 (at 1 August 08)108Ibid.
36/53
aspects of the entity's relationship to the audit firm, and having direct access to
internal as well as external auditors.
(2) Financial Competence
Financially knowledgeable audit committee members are important for dealing
with the complexities of financial reporting, to understand auditor judgments and
support the auditor in auditor- management disputes, and to address and detect
material misstatements.109 Committees at least partially consisting of such
members are overall more likely to perform their oversight roles in the financial
reporting process effectively.110 Based on the recommendations of The Blue
Ribbon Committee on Improving the Effectiveness of Corporate Audit
Committees (BRC)’s in 1999, after which each audit committee should have at
least one financial expert, highlighting the importance of the financial literacy
and expertise of audit committee members, Section 407 SOX requires issuers
to disclose in periodic reports, whether a financial expert serves on an issuer’s
audit committee and, if not, why not.
Section 11.2 of the Commission Recommendation on the role of non executive
directors sets out that members of the audit committee should, as a collective
body, have a recent and relevant knowledge of finance and accounting
appropriate to the company’s activities (Section 4.1 of Annex I to the
Recommendation111). In the case of a 'public- interest entity at least one
member of the audit committee must have competence in accounting and/or
auditing (Article 41 section 1 Directive 2006/42/EC) .
In contrast to SOX and Council Directive 2006/43/EC, neither the CLERP 9 Act
nor the ASX Listing Rules or the ASX Corporate Governance Best Practice
109Yan Zhang Jian Zhou Nan Zhou, “ Audit committee quality, auditor independence, and internal control weaknesses” Journal of Accounting and Public Policy 26 (2007) 300, 305
110Ibid.111European Commission, Recommendation 2005/162/EC on the role of non-executive or
supervisory directors of listed companies and on the committees of the (supervisory) board, OJ [2005] L52/51.
37/53
Recommendations do specifically provide for financial expertise within the audit
committee.112 The guidance to ASX recommendation 4.3 merely provides that
the audit committee should include financially literate members, who are able to
read and understand financial statements, of which at least one should have
financial expertise as a qualified accountant or be an experienced financial
professional.
At least one member of the audit committee of a New Zealand entity should be
competent in the field of financial reporting, being a chartered accountant or
having another recognised form of financial expertise.113 Under the NZSX/DX
Listing Rule 3.6.2 (d) at least one member of the audit committee must have an
accounting or financial 'background'. It is then explained that this is deemed to
be satisfied either if the member is a chartered accountant, has completed a
course approved by the NZX for audit committee membership, or 'has the
experience and/or qualifications deemed satisfactory by the [b]oard'. The latter
practically undermines the whole requirement of financial expertise within the
audit committee.
As the establishment of audit committees is concerned, all four jurisdictions
acknowledge its importance as part of the governance structure of public
companies. But regulation of the committee's composition vary widely, with the
most far reaching provisions in the U.S. The U.S. approach of a powerful audit
committee seems to be appropriate, given the bunch of other oversight tasks for
the board of directors in regard to a company's operations leading to more or
less close connections between directors and senior management. The audit
committee should therefore play a central role in all internal and external
accounting and auditing matters, in particular in order to internally support and
maintain the auditor's independence from management. In addition, financial
literacy within the committee is essential in order to serve the function of
internal oversight of the controlling, reporting and auditing process. This should
be mandatory for all publicly held entities. The NZX Listing Rules are quite
112Brooks, Chalmers , Oliver, Veljanovski, “ Auditor independence reforms: Audit committee members' views” (2005) 23 C&SLJ 151, 161.
113New Zealand Securities Commission, Corporate Governance in New Zealand: Principles and Guidelines (Securities Commission, Wellington 2004) p 12.
38/53
weak in this regard.
D. Public Accounting and Audit Oversight
The supervision of the accounting and audit profession was furthered in the
U.S. by the establishment of the Public Companies Accounting Oversight Board
(PCAOB). Accounting firms auditing companies listed on a US stock exchange
are required by SOX to register with the PCAOB, which is independent of the
accounting industry and subject to SEC supervision. The PCAOB is required to
oversee the audit of public companies that are subject to the U.S. securities
laws in order to protect the interests of investors and the public interest in the
preparation of informative, accurate, and independent audit reports (Section
101 a SOX). Before establishment of SOX the oversight of the audit process
was in the hands of self established private bodies and therefore sanctions
were imposed, for the most part, privately within these self controlling
structures.114 These structures were deemed as insufficient and contributory to
the failures that had shaken the public's confidence in the capital markets. To
the contrary of the former Public Oversight Board, which depended on fees
from the same auditors it was meant to regulate, the PCAOB is funded by
mandatory fees paid by all public companies to ensure its complete
independence from the accountancy industry.115 Obviously, the former situation
was questionable in that an wholly independent oversight cannot realistically be
expected as long as there is financial dependence on fees from the same
objects of oversight activity. In addition, independence of the PCAOB is
underpinned by way of restricting the PCAOB's ties to the accounting industry.
Not more or less than two of the five board members of the PCAOB must be or
have been certified public accountants to safeguard that the majority is
independent from the accounting profession.
These requirements were highly influential in Europe, inter alia due to the
114Hamilton & Trautmann, Sarbanes-Oxley Act of 2002 (Chicago, CCH Inc., 2002) p 14.115In a similar way, the Financial Accounting Standards Board was also given full financial
independence from the auditing/ accountancy industry.
39/53
purpose of putting the Commission in a position to negotiate a cooperative
trans- atlantic system of reciprocal recognition of public auditor registration and
oversight. A similar situation is faced by ASIC in Australia, even though the
economic ties to the U.S. are not as close as is the case in Europe. Only New
Zealand is still relying on self governing structures within the accounting and
auditing profession alone. This may be due to the fact that there were no major
corporate collapses in New Zealand around the millennium. Possible
revelations in connection with current corporate failures of publicly held
companies such as Blue Chip and a range of other companies within the
finance industry may give new impetus to further reforms.
(1) Auditing, Quality Control, Ethics, and Independence Standards
The PCAOB has powers to set auditing, quality control, and ethics standards for
public accounting firms and is able to enforce those standards by way of
inspections, investigations, and bringing disciplinary proceedings against public
accounting firms (Section 101 c SOX).116 The PCAOB may adopt or amend
auditing, quality control, ethics, and independence standards relating to the
preparation of audit reports issued or recommended by private accounting
industry groups or advisory bodies, or to adopt its own standards independent
from such private accounting standards and recommendations (Section 103 a
(1) SOX). The PCAOB must, in accordance with Section 105 b (1) SOX,
conduct investigations and disciplinary proceedings concerning accounting
firms and their associated persons, and impose appropriate sanctions where
justified against those firms and/or their associates, if it discovers any violation
of SOX, the PCAOB's rules, SEC rules (as far as preparing and issuing of audit
reports are concerned), or professional standards concerning the auditing of
public companies.117
116Hamilton & Trautmann, Sarbanes-Oxley Act of 2002 (Chicago, CCH Inc., 2002) p 20.117 Available sanctions include (1) temporary suspension or permanent revocation of the firm's
registration; (2) temporary or permanent bar of a person from further association with any registered accounting firm; (3) temporary or permanent limitation on the activities, functions, or operations of the firm or person; (4) a civil money penalty for each violation of up to US$ 100,000 for individuals and US$ 2 million for firms - for for violations involving intentional, reckless, or repeated negligent conduct, the amounts are up to US$ 750,000 for person, and US$ 15 million for firms; (5) censure; (6) required professional training or education; and (7)
40/53
The Corporate Governance and Company Law Action Plan included the goal of
implementation of harmonized and internationally acknowledged auditing
standards in Europe. Directive 2006/43/EC on statutory audits has established
a mechanism for the introduction of International Standards on Auditing (ISA) in
the EU. Before the full adoption of ISA, as is already the case in regard to
international accounting standards, sound governance and public oversight of
the audit standard setters, the International Auditing and Assurance Standards
Board (IAASB) and the Public Interest Oversight Board (PIOB), and
transparency of the standard setting process are to be ensured.118 The adoption
of ISA is further conditioned in the Commission's view upon a further
improvement of clarity of the current standards.119 To implement ISA into the
European legislative framework, they have to be adopted by the Commission
on a case-by-case basis through a special consultation process (Section 14 of
the Preamble to, and Article 26 of Directive 2006/43/EC). Quality control, ethics,
and independence standards may in accordance with the Directive be
developed at Member State level as long as the Commission does not use its
competence under Article 22 Section 4 of Directive 2006/43/EC to adopt
principle- based implementing measures at Community level.
The Australian solution for public oversight of the public company audits is
based mainly on oversight rather than on full regulatory control. As traditionally
the case in all four jurisdictions examined in this paper, professional accounting
bodies developed and monitored accounting as well as auditing standards. The
two main accounting bodies – the CPA Australia and the Institute of Chartered
Accountants in Australia (ICAA)– remain being primarily responsible for
developing and enforcing independence rules through the Auditing and
Assurance Standards Board (AASB).120 However, after implementation of
any other appropriate sanction that the PCAOB's rules permit (Section 105 c (4) SOX).118 Charlie McCreevy (European Commission), “EU audit regulation and international
cooperation” SPEECH/06/592 held at the FEE (Fédération des Experts Comptables Européens) Conference on Audit Regulation (Brussels, 12 October 2006) http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/06/592&format=PDF&aged=1&language=EN&guiLanguage=en at 7 August 2008.
119Ibid. 120Ladakis, “The auditor as gatekeeper for the investing public: Auditor independence and the
41/53
CLERP9 legislative backing of those standards is now provided under Section
336 Corporations Act 2001 as already existed for the financial reporting
accounting standards under Section 334 Corporations Act 2001.121 Further, the
activities of the AASB are now overseen by the Financial Reporting Council
(FRC).122 CLERP9 expanded the role of the FRC to cover oversight of the audit
standard setting process and to monitoring and advising the government on
auditor independence.123 Since July 2004, the FRC has further been given
information gathering powers to support its auditor independence monitoring
role.124 In addition, in February 2006 the ICAA and CPA established the
Australia Accounting Professional and Ethical Standards Board (AQRB) as an
independent body to set the code of ethics and the professional standards by
which their members are required to abide.125 The AQRB was established as a
not- for- profit company at the initiative of the four largest accounting firms.126
However, participation in the programme is voluntary and available to all
Australian audit firms which audit listed companies. The AQRB’s primary
purpose is to monitor the processes by which participating audit firms seek to
ensure their compliance with applicable professional standards and legal
obligations in relation to independence and audit quality with respect to financial
statement audits of publicly listed entities.127
An independent public audit oversight has not yet been established in New
Zealand. Currently, audit oversight in New Zealand is carried out by the New
Zealand Institute of Chartered Accountants (NZICA) which is the professional
body that most auditors in New Zealand belong to.128 Such an oversight body
CLERP reforms – a comparative analysis” (2005) 23 C&SLJ 416, 424.121Brooks, Chalmers, Oliver & Veljanovski, “Auditor independence reforms: Audit committee
members' views” (2005) 23 C&SLJ 151, 156.122Farrar, Corporate Governance: Theories, Principles, and Practice (3nd edition, Oxford
University Press, South Melbourne (Victoria), 2008) page 224.123Brooks, Chalmers, Oliver & Veljanovski, ibid., p 156.124Financial Reporting Council, Report on Auditor Independence 2006-07 http://www.frc.
gov.au/ reports/2006_2007_AAIR/ 2006_2007_AAIR-04.asp#P284_39570 (at 1 August 08) p 4.
125Financial Reporting Council, Report on Auditor Independence 2006-07 http://www.frc. gov.au/ reports/2006_2007_AAIR/ 2006_2007_AAIR-04.asp#P284_39570 (at 1 August 08) p 3.
126Which audit collectively 88 per cent by composition and 96 per cent by market capitalisation of the 300 largest listed entities on the ASX: ibid., p 3.
127Financial Reporting Council, supra.128New Zealand Securities Commission, Bulletin November 2007 (Wellington, November
42/53
within the private self- regulatory system represents the traditional structure that
was prevailing in western economies on the eve of the collapses of Enron,
Parmalat, HIH, and others.
(2) Registration of Public Accounting Firms
Subject to SEC oversight, the PCAOB must register public accounting firms that
prepare audit reports for public companies. According to Section 102 a SOX,
only those accounting firms that register with the board may prepare or issue, or
participate in the preparation or issuance of, any audit report concerning any
issuer. As part of its application for registration, an accounting firm must submit
the names of all companies for which the firm prepared or issued audit reports
during the preceding calendar year, and for which the firm expects to prepare or
issue audit reports during the current calender year. The firm must reveal the
annual fees that it received from each such company for audit services, other
accounting services, and non- audit services. The firm must furthermore submit
a description of its internal quality control policies for its accounting and its
auditing practices.
Foreign accounting firms are treated by SOX essentially in the same way as it
treats U.S. accounting firms. This aims at preventing any incentive for U.S.
companies to favour foreign accounting firms as a means to circumvent the
Act's objectives.129 Decisive for the application of SOX therefore is solely the
fact that a company receiving audit services sells its shares to U.S. investors
and is therefore subject to U.S. federal securities laws. Since the place where it
is incorporated or where it is operating can be in any part or the world, its
financial statements are by no means necessarily audited by U.S. accounting
firms. Therefore, to avoid another possible loophole, the particular auditor's
place of operation does not matter in regard to the application of SOX and the
need for registration with the PCAOB.130 Under Section 106 a (1) SOX, any
2007) http://www.seccom.govt.nz/publications/bulletin/1007/ (at 1 August 2008)129Hamilton & Trautmann Sarbanes-Oxley Act of 2002 (Chicago, CCH Inc., 2002) p 26.130Report of the Committee on Banking, Housing, and Urban Affairs of the United States
43/53
foreign public accounting firm that prepares or furnishes an audit report
concerning an issuer is subject to the Act and related SEC and PCAOB rules in
the same manner and to the same extent as a US accounting firm. Under
Section 106 a (2) SOX, the PCAOB may determine that even a foreign
accounting firm that does not itself issue audit reports nonetheless plays such a
substantial role in the preparation and furnishing of those reports for particular
issuers that they should be treated as accounting firms covered by the Act. This
constitutes a direct impact of SOX on foreign accountancy and audit practice as
far as substantial parts of the auditing process for financial statements of public
companies subject to federal U.S. securities laws are conducted by foreign
accountants. This may be the case where non- U.S. companies are (cross-)
listed on a U.S. stock exchange (Section 106 a (1) SOX) or where U.S.
companies have substantial subsidiaries abroad which may be audited
separately by non- U.S. accounting firms (Section 106 a (2) SOX).
Due to close connections between the U.S. and the European economies, the
registration requirement for EU audit firms with the PCAOB practically subjects
all major EU audit firms to double oversight by both the EU Member States and
the U.S. oversight board. This may not only result in conflicts between the two
oversight mechanisms, but also causes additional administrative and financial
burdens for European audit firms.131 Therefore, at first, EU finance ministers in
2003 urged the EU Commission to negotiate with U.S. authorities an exemption
for EU audit firms from registration with the PCAOB. These attempts remained
to be unsuccessful, as the U.S. authorities in particular regarded the public
oversight of auditors in Europe as not equivalent to the mechanisms
established by SOX.132 Instead of an open conflict on SOX’s spillover effects,
the Commission finally opted for cooperation with the SEC and the PCAOB.133
Since the Parmalat disaster, Europe was itself under heavy pressure from the
public to quickly improve oversight and quality of accounting and auditing
standards. But reciprocal acknowledgment of different accounting and auditing
Senate to accompany S 2673. July 3, 2002, 107-205 page 11.131Engelen, “Preventing European Enronitis” The International Economy, Summer Edition
[2004] p 40, 43132Ibid., p 43133This is now explicitly stated in Article 47 of Directive 2006/43/EC.
44/53
standards as well as oversight structures remain as a main goal in EU policy
towards the U.S. in this area.134
As stated in paragraph 20 of the Preamble to Directive 2006/43/EC, Member
States are required to organise an effective system of public oversight for
statutory auditors and audit firms on the basis of home country control and
reciprocal recognition. They should make possible effective cooperation at
Community level in respect of the Member States' oversight activities,
safeguarded by regulatory arrangements. The system should be governed by a
majority of non- practitioners who are knowledgeable in the areas relevant to
statutory audit and either have never been linked with the audit profession or, in
the case of former practitioners, those should have left the profession. Persons
involved in its governance system must be selected through an independent
and transparent nomination procedure. The competent authorities of Member
States are required to cooperate with each other for the purpose of carrying out
their oversight duties to ensuring high quality in the statutory audit in regard to
cross- border- audits of company groups in the Community. The Directive
establishes in particular ultimate responsibility of the leading group auditor of
consolidated accounts of groups of companies established and operating in
different Member States or third countries, thereby at the same time giving rise
to coordinated oversight of audits of consolidated accounts (Article 27 of
Directive 2006/43/EC). According to Article 15 section 1 of Directive
2006/43/EC, each Member State has to establish a public register for statutory
auditors and auditing firms. A framework to safeguard common standards
based on the principle of reciprocal acknowledgement of registered auditors or
audit firms is set out in that Article. The system of public oversight has to be
empowered with ultimate responsibility for the oversight of the approval and
registration of statutory auditors and audit firms, the adoption of standards on
professional ethics, internal quality control of audit firms and auditing, and
quality assurance as well as investigative and effective disciplinary systems, the
134Charlie McCreevy (European Commission), “EU audit regulation and international cooperation” SPEECH/06/592 held at the FEE (Fédération des Experts Comptables Européens) Conference on Audit Regulation (Brussels, 12 October 2006) http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/06/592&format=PDF&aged=1&language=EN&guiLanguage=en at 7 August 2008.
45/53
latter including the right to conduct investigations in relation to statutory auditors
and audit firms and to take appropriate action. The funding for the public
oversight system has to be independent from any undue influence by statutory
auditors or audit firms. The impact of SOX on establishing these principles is
obvious.
In order to facilitate cooperation between Member State's public oversight
systems, the European Commission set up a Group of Experts at community
level, chaired by the Commission.135 The group’s tasks are to bring about an
exchange of good practice concerning the establishment and ongoing
cooperation of Member State's oversight systems, to contribute to the technical
assessment of public oversight systems of third countries and to the
international cooperation between Member States and third countries, in
particular the U.S. Third country auditors may in accordance with Section 44 of
Directive 2006/43/EC be approved as statutory auditors by Member State
oversight authorities if proof for equivalent independence and oversight
structures has been furnished by the applicant. This aims in particular as a
starting point for further negotiation in regard to reciprocal acknowledgment
between U.S. and EU audit oversight requirements.
In a similar way the Australian accounting profession was effected by SOX due
to cross- listed Australian Companies and Australian subsidiaries of U.S.
corporations. In Australia corporate law administration, comprising maintenance
of a public auditors register, is provided by the Australian Securities and
Investments Commission (ASIC).136 ASIC registers company auditors in
Australia if they satisfy as to their qualifications, experience and competency in
auditing.137 ASIC has been enabled by CLERP 9 to impose conditions on the
registration of company auditors (Section 1289A Corporations Act).138 To
135European Commission, Decision (2005/909/EC) Setting up a group of experts to advise the Commission and to facilitate cooperation between public oversight systems for statutory auditors and audit firms.
136Financial Reporting Council, Report on Auditor Independence 2006-07 http://www.frc.gov.au/reports/2006_2007_AAIR/ 2006_2007_AAIR-04.asp#P284_39570 (at 1 August 08) p 1.
137Ibid., p 2.138Parliament of Australia, Department of Parliamentary Services, Australia’s corporate
46/53
assess compliance with the audit requirements of the Corporations Act 2001
and auditing standards, including audit independence provisions, ASIC
conducts investigations of registered audit firms. Company auditors must report
to ASIC all significant breaches of the Corporations Act 2001.139 Thus, a degree
of independent oversight occurs, but a completely independent and powerful
oversight body alike the PCAOB in the U.S. or the new oversight system in
Europe has not been established in Australia, although it is regarded as critical
to the quality and timeliness of financial reporting by public companies.140
In contrast, in New Zealand structures of self regulation of the accounting and
auditing profession as formerly also prevalent in the other jurisdictions have yet
survived despite international developments as described above in this area.
ICANZ is the only professional accounting body in New Zealand with a
governing council that comprises elected members.141 Its self-regulatory powers
are given to it under the Institute of Chartered Accountants of New Zealand Act
1996. Hence public accountants do not need to register with public authorities.
However, the introduction of a public audit oversight body has been discussed,
but without coming to any result yet. Currently, the New Zealand Ministry of
Commerce/ Department for Economic Development's planned discussion paper
on audit regulation and audit oversight has been put on hold, and an immediate
recommencement is not expected, at least not by the Securities Commission
and the leading four accountancy firms142, as stated in a letter to the Ministry of
Commerce in August 2007.143 The Securities Commission as well as the
accounting firms expressed their view that the introduction of independent audit
regulators—the ACCC, ASIC and APRA (Researchbrief No. 16, 2004–05 14 June 2005) p 15.
139Ibid.140Ladakis, “The auditor as gatekeeper for the investing public: Auditor independence and the
CLERP reforms – a comparative analysis” (2005) 23 C&SLJ 416, 424.141Malthus & Scoble, “Independent Oversight of External Auditors: Is there a
need in New Zealand?” Working Paper Series No. 3/2005, Nelson Marlborough Institute of Technology, December 2005, p 9.
142Which audit 94% of the Top 230 New Zealand publicly held companies: New Zealand Securities Commission, Independent Audit Regulation and Oversight in New Zealand (Public letter, Wellington, 23 August 2007) http://www.seccom. govt.nz/publications /documents/letter-audit2.shtml (at 1 August 2008).
143New Zealand Securities Commission, Independent Audit Regulation and Oversight in New Zealand (Public letter, Wellington, 23 August 2007) http://www.seccom.govt. nz/publications/documents/letter-audit2.shtml (at 1 August 2008).
47/53
oversight is of high priority in New Zealand. In particular they regard the current
audit oversight structure as endangering the capability and credibility to engage
with regulators of other jurisdictions in international audit regulator forums.144
The International Organisation of Securities Commissions (IOSCO) as well
stressed that auditors should be subject to oversight by a body that acts and is
seen to act in the public interest and that is independent from the accounting
industry.145
IV. Conclusion
Enron's collapse and the following legislative reform of corporate governance in
the area of financial reporting has had an decisive influence in Europe and
Australia. By practically subjecting foreign issuers listed in the U.S and foreign
auditors partaking at audits of U.S public companies or their subsidiaries under
SOX provisions, the U.S. legislator triggered similar legislative reform programs
in Europe and in Australia. Even more impetus was added by similar corporate
collapses within both jurisdictions. The omission of such failures in New
Zealand is likely to be connected with the fact that New Zealand's regulation in
regard to safeguarding reliability and credibility of financial reporting of public
companies is weak at two central points which have been significantly
strengthened in the other three jurisdictions: There are no sufficiently precise
rules concerning public auditor independence, able to be overseen, and,
accordingly, there is no independent oversight of public auditors in the general
public's interest. On the other hand, it does not seem to be necessary to
generally force public companies to establish internal control systems as is the
case in the U.S. under SOX. Furthermore, regulation in regard to audit
committees of publicly listed companies in New Zealand is on a level similar to
that in Australia and Europe.
144Ibid.145Diplock, Jane, IOSCO Response to Accounting Scandals (IOSCO, Speech held on the 17
th Asian Pacific Conference on Accounting Issues, Corporate Governance, and Auditing, Wellington 21-22 November 2005) http://www.seccom.govt.nz/speeches/2005 /jds221105. shtml (at 1 August 2008).
48/53
Equivalent provisions as those in the U.S. under SOX in regard to internal
control mechanisms and management responsibility for financial statements
have not been implemented in any of the other three jurisdictions. In this regard,
the views in the EU and Australia seem to prevail as the matter of internal risk
management may better be handled between management, board of directors
and shareholders on the base of private company law alone. In particular
because of widely different company structures and different general exposures
of companies to different kinds of risk it does not seem reasonable to establish
standards for internal risk management systems by public authorities. In this
area, it seems preferable to apply a market based approach, in particular by
requiring issuers to explain internal control mechanisms in their half- year or at
least annual financial reports.
In the U.S. as well as in Europe and in Australia far reaching new statutory
regulations in regard to auditor independence have been introduced. Since
auditor independence is regarded as decisive for regaining and maintaining
investor's confidence in reliability and credibility of corporate financial
statements, the current state in New Zealand is not satisfactory. Continuing to
leave the matter of auditor independence and other ethical standards and their
oversight to the profession itself may be regarded by investors as a defect in
New Zealand's capital market and may trigger an additional risk deduction from
company valuations due to a lesser degree of safeguards against corporate
financial misstatements. A general statutory prohibition of substantial financial,
business, employment and advocacy relationships or advocacy between a
public company, its directors, senior management or substantial shareholders
and the company's auditor or auditing firm should be established. Furthermore,
clear and binding rules for a separation between audit and non- audit services
should be introduced. The requirement of auditor rotation should be
complemented by a cooling- off period of 2 years to be completed before re-
engagement. Auditors should as well be prevented from taking up any major
position within the client public company for a reasonable time of at least 2
years after finishing the audit.
49/53
It would further be useful to require the auditor to report directly to the audit
committee to prevent a prevailing management influence. The committee
should as well get substantial influence on the selection and engagement of
auditors or auditing firms. Given the importance of financial statements for the
investing public on the one hand and the bunch of oversight tasks for the board
of directors in regard to a company's operations on the other, the audit
committee should play a central role in all internal and external accounting and
auditing matters, in particular in order to support and maintain the auditor's
independence from management. At least one member should be competent in
accounting and auditing to put the committee in a position to effectively fulfil its
tasks. Therefore, it is reasonable as far as major corporations are concerned to
require at least one member of the committee to be a financial expert as is the
case in the EU. Best practice recommendations, based on a 'comply or explain'
approach, taking into account different sizes and financial resources available
to companies would serve best in the case of small or medium size public
companies as a compromise between regulation and reliance on market forces.
In need of reform is the traditional structure of self- regulation and oversight of
the accounting and auditing profession in New Zealand, which currently is
similar to those formerly prevalent in the other jurisdictions until they failed
significantly. This is connected with the lack of auditor independence regulation,
as the oversight of which is one central task of public accounting and audit
oversight authorities. This lack of reforms may be due to the fact that there were
no major corporate collapses in New Zealand around the millennium which
could have triggered such reforms from within. Possible revelations in
connection with current corporate failures such as Blue Chip and a range of
other companies, in particular within the finance industry may therefore give
new impetus to reforms already under discussion. Even within a relatively small
economy as New Zealand's, it should be possible to set up an independent
oversight body, for example subject to New Zealand Securities Commission's
oversight, and funded by mandatory fees paid by companies listed on the New
Zealand stock exchange. The competence and experience of the NZICA would
not necessarily get lost, as this institution could be integrated in a new oversight
50/53
structure to continue its activities as a consulting institution supporting a new
public oversight body.
Auckland, 28 August 2008
© André Pollmann
51/53
- Bibliography -146
I. Textbooks
John Armour, Joseph A. McCahery (Ed.), After Enron: improving corporate law and modernising securities regulation in Europe and the US (Oxford, Portland,OR, Hart, 2006)Dimitris N. Chorafas, IFRS, Fair Value and Corporate Governance (Oxford, CIMA, 2006)John H Farrar, Corporate Governance: Theories, Principles, and Practice (3nd edition, Oxford University Press, South Melbourne (Victoria), 2008)J. Hamilton J, T. Trautmann, Sarbanes-Oxley Act of 2002 (Chicago, CCH Inc., 2002)
II. Articles
R P Austin, “Corporate Governance Symposium: What Is Corporate Governance? Precepts and Legal Principles” (2005) 3 NZ Law Review 335Albie Brooks, Keryn Chalmers, Judy Oliver, Angelo Veljanovski, “Auditor independence reforms: Audit committee members' views” (2005) 23 C&SLJ 151Butler & Ribstein, “Opting Out of Fiduciary Duties: A Response to the Anti-Contractarians” (1990) 65 Wash L Rev 1Jeff Cheung and David Hay, “Auditor Independence: The Voice of Shareholders” UoA Business Review, Spring 2004, 67James D Cox, “New wind blows across US securities regulatory landscape” (2007) 81 ALJ 297Kathleen Day, “Sarbanes-Oxley Exception Denied; Small Public Companies Must Comply, SEC Says” Washington Post, 18 May 2006, D2Ian P. Dewing, Peter O Russell, “Accounting, Auditing and Corporate Governance of European Listed Companies: EU Policy Developments Before and After Enron” JCMS 2004 Volume 42 No 2 289-319Klaus C. Engelen, “Preventing European Enronitis” The International Economy, Summer Edition 2004, 40-47Scott Harshbarger, Goutam U., Jois “Looking Back and Looking Forward: Sarbanes-Oxley and the Future of Corporate Goverance” (2007) 40 Akron L Rev 1Klaus J Hopt, “Corporate law, corporate governance and takeover law in the European Union: Stocktaking, reform problems and perspectives” (2007) AJCL 20, LEXIS 2Emma Ladakis, “The auditor as gatekeeper for the investing public: Auditor
146Cited professional, regulatory, and other public sources are not listed here.
52/53
independence and the CLERP reforms – a comparative analysis” (2005) 23 C&SLJ 416Andrew Lumsden, “Audit committee membership and its consequences” (2002) 20 C&SLJ 340Sue Malthus, Kevin Scoble, “Independent Oversight of External Auditors: Is there a need in New Zealand?” Nelson Marlborough Institute of Technology Working Paper Series No. 3/2005Andrew Parker, “PCAOB urged to soften line” Financial Times. London (UK): 18 July 2005 21 Christine Parker, Olivia Conolly, “Is there a Duty to Implement a Corporate Compliance System in Australian Law?” Business Law Review 30 p 275 - 295Peter Schelluch and Grant Gay, “The impact of the proposed CLERP 9 legislation on the auditing profession” (2004) 22 C&SLJ 280Larry E Ribstein, “Corporate Governance Symposium: Sarbanes-Oxley After Three Years” (2005) 3 NZ Law Review 365Richard M. Steinberg Miles E.A. Everson Frank J. Martens Lucy E. Nottingham, “Enterprise Risk Management - Integrated Framework/Executive Summary “(Committee of Sponsoring Organizations of the Treadway Commission, September 2004)Roman Tomasic, “The modernisation of corporations law: Corporate law reform in Australia and beyond” (2006) AJCL LEXIS 2Yan Zhang, Jian Zhou, Nan Zhou, “Audit committee quality, auditor independence, and internal control weaknesses” Journal of Accounting and Public Policy 26 (2007) 300–327
53/53
![Impact Sarbanes Oxley Act Security 1344[1]](https://static.fdocuments.in/doc/165x107/577d33c11a28ab3a6b8ba601/impact-sarbanes-oxley-act-security-13441.jpg)
