Order Code RS21120
Updated November 15, 2002
CRS Report for Congress
Received through the CRS Web
Auditing and Its Regulators:
Reforms after Enron
Bob Lyke
Specialist in Social Legislation
Domestic Social Policy Division
Summary
Accounting problems at Enron, WorldCom, and other companies have raised
important questions about the audits of corporate financial statements. These audits are
performed by independent accountants who are certified public accountants (CPAs);
they are supposed to be carried out in accordance with generally accepted auditing
standards (GAAS), rules which have a carefully defined technical meaning. The U.S.
Securities and Exchange Commission requires audited financial statements when public
companies register to sell new securities and annually thereafter.
Auditor assurances about company financial statements remove a barrier to the
efficient use of capital and offer some protection to third party investors. However, the
recent accounting scandals and numerous revisions of previously-issued financial
statements have eroded public confidence in auditing. While auditors are regulated by
both governmental agencies and professional organizations, many question whether this
oversight has been adequate.
In response to these problems, the 107th Congress enacted the Sarbanes-Oxley Act
of 2002 (P.L. 107-204), which the President signed on July 30, 2002. Among other
things, the Act creates a new oversight board for auditors, prohibits auditing firms from
providing certain consulting work for audit clients, and requires rotation of audit
partners at least every 5 years. It also imposes new requirements on corporate boards
and executives and increases governmental oversight and criminal penalties. On
October 25, a sharply-divided SEC named William Webster as Chairman of the new
oversight board, along with four others. Events preceding the Webster appointment
have prompted several investigations and contributed to the decision by the Chairman
of the SEC, Harvey Pitt, to resign. Mr. Webster will also resign.
What is Auditing?
Broadly speaking, auditing is a systematic process for obtaining and assessing
evidence regarding assertions of one kind or another in accordance with established
criteria. Serious accounting problems at Enron, WorldCom, and other companies have
Congressional Research Service ˜ The Library of Congress
CRS-2
raised important questions about financial statement audits of corporations and other
private sector organizations in which accountants express an opinion on financial
representations made by the management of these entities. Other types of audits include
compliance audits, which see if established policies and procedures are being followed,
and operational audits, which see if organizations are efficient and effective. Accountants
are also increasingly engaged in a widening array of other assurance services, which have
different standards and procedures than audits.
Financial statement audits of private sector organizations usually are done by
independent accountants (sometimes called external accountants). Today nearly all of
these audits are carried out or supervised by accountants who are certified public
accountants (CPAs). Independent accountants are owners or employees of private sector
firms that are separate from the entities they audit; they might be distinguished from
internal accountants, who work for the organizations being audited, and government
accountants, who do most auditing of governmental agencies. However, independent
accountants also do internal and government accounting work.
Financial statement audits of private sector organizations are to be conducted in
accordance with generally accepted auditing standards (GAAS); their basic objective
is to see if the balance sheet and related statements about income, retained earnings, and
cash flows are fair presentations, in all material respects, of certain financial information
in conformity with generally accepted accounting principles.
! GAAS are qualitative standards regarding who is to conduct audits, how
audits are to be planned and carried out, and how audit results are to be
reported; they are not lists of specific audit procedures.
! GAAS have a carefully defined technical meaning that clarifies both
what audits do and what they do not do; understanding these standards
is important when questions arise regarding audit engagements.
! GAAS and other standards for private sector audits are established
largely by the American Institute of Certified Public Accountants
(AICPA).
Generally accepted accounting principles (GAAP) are the conventions, rules, and
procedures that define accepted financial accounting practices at a particular time; they
include both broad guidelines as well as detailed procedures.
! The most important source of GAAP for private sector entities is the
statements and interpretations of the Financial Accounting Standards
Board (FASB), a nongovernmental entity that began operating in 1973,
and similar issuances of its predecessors.
! Other sources of GAAP with lesser authority include issuances from
FASB task forces and staff and from the AICPA, widely accepted
industry practices, and other professional positions and literature.1
1 In early November, 2002, FASB announced that it would help set the agenda and sign off on
all decisions that were henceforth made by its Emerging Issues Task Force (EITF). In addition,
it stated that the AICPA board that had been issuing some technical standards that constitute
(continued...)
CRS-3
! The U.S. Securities and Exchange Commission (SEC) historically has
accepted GAAP developed from these private sources; however, it has
broad authority to establish accounting principles for the companies
within its jurisdiction (generally, public companies whose securities are
offered or sold in interstate commerce). The SEC issues bulletins that
express the views of its staff on various accounting issues.
Auditing plays a critical role in modern economies, which are characterized by large
multi-faceted organizations, complex economic exchanges, and remote relationships
between business managers and the owners and other investors. Managers have the
ability to obtain reliable information about their own organizations, at least in theory, but
it is risky for outside investors and other creditors to rely on managers’ representations
alone. To the extent they provide assurances about these representations, auditors remove
a barrier to the efficient use of capital and offer some protection to parties that could be
indirectly affected by investing decisions. Annual financial statement audits have become
common for nearly all large organizations because of the demands of outside investors
(in the case of business entities), outside supporters (in the case of not-for-profit
organizations), tax authorities, and government regulators. The SEC requires audited
financial statements when public companies register to sell new securities and annually
thereafter.
Who Regulates Auditors?
Auditors are subject to regulatory oversight from both governmental agencies and
professional organizations. In addition, they can sometimes be legally liable for breach
of contract or for a tort (a civil wrong other than breach of contract).
State Boards of Accountancy. These governmental boards (or agencies that
perform similar functions) administer state laws governing accountants and accounting
services. They are responsible for licensing CPAs, for whom there is no national or
federal certification. All states require CPAs to have passed the Uniform CPA
Examination, and most now require new candidates to have at least 150 college credit
hours (i.e., 5 years of college), including courses in accounting subjects. Most states
require CPAs to have 30 to 40 hours of continuing education each year, and some require
practical experience before granting full licenses. State accountancy boards can require
CPAs and their firms to undertake remedial steps to continue their practice, and they
sometimes suspend and terminate licenses. Arthur Andersen, the auditor for Enron,
surrendered its license to practice in all states as of August 31, 2002.
American Institute of Certified Public Accountants. The AICPA is a
professional trade association of certified public accountants. In addition to establishing
auditing standards for the private sector, it has a Code of Professional Conduct for its
members with both general principles and rules of conduct. The six general principles
provide a framework for professional conduct; they deal broadly with CPA
responsibilities, the public interest, integrity, objectivity and independence, due care, and
the scope and nature of services. Members are required to comply with the rules of
1 (...continued)
GAAP (the Accounting Standards Executive Committee) would cease doing so.
CRS-4
conduct (for which formal interpretations provide additional guidance); they include
provisions on independence, engagement standards, confidentiality, contingent fees,
discreditable acts, advertising, etc. Violations are considered by the Professional Ethics
Division (PED) and may result in requirements for continuing education or prior
clearance of future work. Serious misconduct can result in suspension or termination of
AICPA membership. State CPA societies have similar though not always identical rules
for their members. Sometimes state societies and the PED conduct joint investigations.
Securities and Exchange Commission. The SEC is an independent federal
regulatory agency responsible for administering federal securities laws. It has authority
to regulate the initial issuance of securities and their subsequent sale; for both, it requires
companies to submit financial statements that have been audited by independent
accountants. Under Regulation S-X, Rule 2-01, it prescribes qualifications for these
accountants, including the rules just mentioned on auditor independence. Historically the
SEC has relied on the AICPA to oversee accountants, including those who audit public
companies, but under Administrative Rule 2(e) it may disqualify from its practice
accountants who are unqualified, lack character or integrity, engage in unethical or
improper professional conduct, or willfully violate (or aid and abet others to violate)
federal securities laws. Other sanctions include peer review, prohibitions on new
engagements, and requirements for continuing education. Arthur Andersen, Enron’s
auditor at the time of bankruptcy, ceased its SEC practice following its conviction on
federal obstruction of justice charges. Harvey Pitt, the Chairman of the SEC, resigned on
November 5, 2002, amidst criticism of his role in appointing William Webster to the new
accounting oversight board (see below). He will temporarily remain with the
Commission while the President considers naming a new chairman.
Public Company Accounting Oversight Board. The PCAOB was mandated
by the Sarbanes-Oxley Act of 2002 (P.L. 107-204) to oversee auditing of public
companies (i.e., SEC registrants). Though not a federal agency, the Board is subject to
SEC oversight. Among the major issues the Board will be considering are whether new
auditing standards are required, whether additional consulting restrictions should be
imposed on auditors, and whether foreign auditing firms should be exempted from some
of its oversight.
On October 25, a sharply-divided SEC voted to name William Webster, the former
head of the Federal Bureau of Investigation and of the Central Intelligence Agency, to be
the Board’s new Chairman. (Three of the SEC commissioners voted for Mr. Webster,
while the other two instead supported John Biggs, the outgoing chairman of Teachers
Insurance and Annuity Association–College Equities Retirement Fund (TIAA-CREF),
who had been a strong advocate for accounting reform.) The other four Board members
named were Kayla Gillian, Daniel Goelzer, William Gradison, and Charles Neimeier.
The following week, it emerged that Mr. Webster had been the chair of the audit
committee of U.S. Technologies, which has been accused of accounting irregularities and
shareholder fraud. Mr. Webster had informed Harvey Pitt, the Chairman of the SEC, of
his role at the company, but Mr. Pitt had not shared that information with the other four
SEC members. Mounting criticism of Mr. Pitt resulted in his announcement on
November 5 that he would resign, effective some future date. The SEC began two
investigations of these events, one by the its Inspector General and another by its General
Counsel. The General Accounting Office also may open an investigation, and the Senate
Banking Committee was considering holding hearings. On November 7, BDO Seidman,
CRS-5
the audit firm that U.S. Technologies dismissed in August, 2001, challenged the accuracy
of Mr. Webster’s public statements about his role at the firm. On November 12, Mr.
Webster said that he would resign; no effective date was given.
The appointment controversy and resignations have overshadowed steps that the
PCAOB is taking to organize. An initial meeting is scheduled for November 13. First
year costs are anticipated to run between $25 and $50 million; under the Sarbanes-Oxley
Act, the amount is to be advanced from the SEC’s FY2003 budget and then reimbursed
to the Treasury once the Board begins to collect fees.
Other Legal Liability. Auditors can be sued for breach of contract by their clients
(the entities being audited) for failing to carry out their work with due professional care.
Among other things, clients usually must show they suffered damages and that there is a
close causal connection between the breach and the damages. To reduce this risk, most
accounting firms use engagement letters to clarify what they will do and identify client
responsibilities.
Third parties normally can sue auditors only in a tort action, not for breach of
contract. (One exception would be if the third party is a subrogee of the client, such as
a trustee in bankruptcy.) Third parties must also show they suffered damages and that
there is a close causal connection between the auditor’s breach and the damages.
However, in some states, barring a showing of gross negligence or fraud, third parties may
be unsuccessful in their suit unless it is shown that the auditors actually foresaw the
parties would rely on the audit (or in some states, that the auditors might reasonably have
foreseen their reliance). Third parties may also sometimes bring suit against auditors
under provisions of federal securities laws.
What Reforms Were Proposed?
Numerous accounting and auditing reforms were proposed during the 107th
Congress, including some by the accounting industry. Most of the leading proposals
would establish a new oversight board for auditors of public companies, though they
differ on the scope of its powers and the degree of its independence from the SEC and
from the firms and accountants it would regulate.
House Legislation. The leading House bill was an amended version of H.R. 3763
(Oxley), which the House approved on April 24, 2002. Other relevant House bills include
H.R. 3617 (Markey), H.R. 3671 (Hastings), H.R. 3693 (Jackson-Lee); H.R. 3736
(Ackerman); H.R. 3795 (Kucinich), H.R. 3818 (LaFalce), H.R. 3829 (Stupak), H.R. 3970
(Dingell), and H.R. 4083 (LaFalce).
Senate Legislation. The leading Senate bill (S. 2673) was reported by the
Committee on Banking, Housing, and Urban Affairs on June 25, 2002. Floor debate
began on July 8, and an amended version passed on July 15. Other relevant Senate bills
include S. 1896 (Boxer), S. 1933 (Shelby), S. 2004 (Dodd), S. 2056 (Nelson), S. 2247
(Durbin), and S. 2460 (Levin).
Conference Agreement. On July 24, a conference committee reached agreement
on the differences between the bills passed by the House (H.R. 3763) and the Senate (S.
2673, formally an amendment to H.R. 3763). The agreement, the Sarbanes-Oxley Act of
CRS-6
2002, largely follows the Senate amendment, though some modifications proposed by the
House were accepted. Both the House and Senate approved the agreement on July 25, and
the President signed it on July 30 (P.L. 107-204). Among other things, the agreement
creates a new oversight board for auditors, prohibits auditing firms from providing certain
consulting work for audit clients, and requires rotation of audit partners at least every 5
years. The law also imposes new requirements on corporate boards and executives and
increases governmental oversight and criminal penalties. For details, see CRS Report
RL31483, Auditor Reform Proposals: A Side-by-Side Comparison, by Mark Jickling, and
CRS Report RL31554, Corporate Accountability: Sarbanes-Oxley Act of 2002 (P.L. 107-
204), by Michael V. Seitzinger and Elizabeth B. Bazan.
The SEC. On June 26, 2002, the Commission published proposed rules to reform
oversight and improve accountability of auditors of public companies. For details, see
[http://www.sec.gov/rules/proposed/33-8109.htm]. The central part of the proposal, a
requirement that companies’ auditors be members of a new independent public
accountability board (PAB), was largely superceded by the Sarbanes-Oxley Act. On June
28, the Commission identified 945 companies with annual revenues exceeding $1.2
billion whose chief executive and chief financial officers would have to personally certify
that the most recent reports filed with the Commission are both complete and accurate.
For most of these companies, the deadline for these certifications was August 14, 2002.
Since the Enron controversy broke, the SEC has stepped up its review of company
financial statements and started investigations of a number of accounting irregularities.
Some question whether the agency has enough resources to monitor accounting practices
at all public companies, let alone take on new oversight responsibilities. The U.S.
General Accounting Office (GAO) has found that the SEC does not have sufficient staff
or authority even for all of its current work and that it lacks a comprehensive strategy for
dealing with these problems (GAO-02-483T). The Sarbanes-Oxley Act increased the
authorization for SEC appropriations, but final funding decisions have been delayed
pending further congressional action on the fiscal year 2003 appropriations.
The President. On March 7, 2002, President Bush outlined a 10-point plan to
improve corporate responsibility and shareholder protections. Included were proposals
for an independent regulatory board for the accounting profession, for greater investor
confidence in auditor independence and integrity, and for accounting standards more
responsive to investor needs. On July 9, the President called for longer prison sentences
for executives convicted of fraud, a new task force to pursue and prosecute criminal
activity, and additional personnel and funding for the SEC.
The Accounting Industry. The AICPA and the largest accounting firms
generally opposed strict external oversight of auditing, arguing that new regulatory bodies
would be cumbersome and lack professional expertise. They generally opposed wide
bans on providing consulting services for audit clients. For the most part, they favored
the House bill (H.R. 3763) rather than the Senate bill (S. 2673). Since Arthur Andersen
can no longer perform audits, the so-called “Big-5" accounting firms have been reduced
to four: PricewaterhouseCoopers, Deloitte and Touche, KPMG, and Ernst and Young.