SIGMA Spectrum Vol. 2, No. 1

Sarbanes-Oxley Act of 2002:
Do These Reforms Affect Your Business?

by Wynne E. Baker,
CPA, CBA, CFSA
Partner, KraftCPAs

On July 30, 2002, President Bush signed into law the Sarbanes-Oxley Act of 2002. The act, which applies in general to publicly held companies and their audit firms, dramatically affects the accounting profession and impacts not just the largest accounting firms, but any CPA actively working as an auditor of, or for, a publicly traded company.

The accounting profession believes that these provisions are appropriate for Securities and Exchange Commission (SEC) registrants and their auditors and will contribute to the protection of the public interest. The profession is also committed to working with regulators and legislators to implement the act at the federal level.

Here’s a summary of the act as it applies to public companies and their audit firms.

Test Your Misconceptions
About Actuarial Services

Are misconceptions about actuarial services preventing you from gaining the competitive advantage of an actuarial resource? SIGMA Actuarial Consulting Group offers some common misconceptions and their counterpoints.

Misconception #7
“My CPA/auditor says I have to use
their actuary.”

With the implementation of Sarbanes-Oxley, this is not true! The use of an independent actuary is mandated by Sarbanes-Oxley for public companies, and may be a prudent choice for private companies as well.

For six more thought-provoking entries, check out our Top Seven Misconceptions about Actuarial Consulting Services.

Public Company Accounting Oversight Board

Moving to a different regulatory structure, a new Public Company Accounting Oversight Board has been appointed and will be overseen by the SEC. The board, made up to five full-time members, will oversee and investigate the audits and auditors of public companies, and sanction both firms and individuals for violations of laws, regulations and rules.

Board Composition. Two of the five board members must be CPAs. The remaining three must not be and cannot have been CPAs. The chair may be held by one of the CPA members, but he or she must not have practiced accounting during the five years preceding his/her appointment.
Funding. The board will be funded by public companies through mandatory fees. Accounting firms that audit public companies must register with the board and pay registration and annual fees.
Standard Setting. Accounting principles will continue to be set by the Financial Accounting Standards Board (FASB). The board will issue standards, or adopt standards set by other groups or organizations, for audit firm quality controls for the audits of public companies. These standards include: auditing and related attestation, quality control, ethics, independence and “other standards necessary to protect the public interest.” The board has the authority to set and enforce audit and quality control standards for public company audits.
Investigative and Disciplinary Authority. The board is empowered to regularly inspect registered accounting firms’ operations and will investigate potential violations of securities laws, standards, competency and conduct. Sanctions may be imposed for non-cooperation, violations, or failure to supervise a partner or employee in a registered accounting firm. These include revocation or suspension of an accounting firm’s registration, prohibition from auditing public companies, and imposition of civil penalties.
International Authority. Foreign accounting firms that “prepare or furnish” an audit report involving U.S. registrants will be subject to the authority of the board. Additionally, if a registered U.S. accounting firm relies on the opinion of a foreign accounting firm, the foreign firm’s audit workpapers must be supplied upon request to the board or the SEC.

New Roles for Public Companies, Audit Committees and Auditors

The relationships between and responsibilities of accounting firms and their publicly held audit clients are different under the new law. The basic implications are outlined below.

Auditors Report to Audit Committee. Now, auditors will be hired, receive compensation from and report to a company’s audit committee, not management. Members of the audit committee are required to be members of the company’s board of directors, but otherwise independent (do not receive compensation and are not affiliated). Companies are required to disclose whether at least one member of the audit committee is a “financial expert.”
Audit Committees Must Approve All Services. Audit committees must pre-approve all services (both audit and non-audit services not specifically prohibited) provided by its auditor.
Offering Specified Non-Audit Services Prohibited. The law statutorily prohibits auditors from offering certain non-audit services to publicly held audit clients. These services include: bookkeeping, information systems design and implementation, appraisals or valuation services, actuarial services, internal audits, management and human resources services, broker/dealer and investment banking services, legal or expert services unrelated to audit services and other services the board determines by rule to be impermissible. Other non-audit services not banned are allowed if pre-approved by the audit committee. Pre-approval is not required, however, for non-audit services totaling less than five percent of fees.
Auditor Must Report New Information to Audit Committee. This information includes critical accounting policies and practices to be used, alternative treatments of financial information within GAAP that have been discussed with management, accounting disagreements between the auditor and management, and other relevant communications between the auditor and management.
Audit Partner Rotation. The lead audit partner and audit review partner must be rotated every five years on public company engagements if the firm has five or more SEC clients and ten or more partners. Other partners may also be affected. There is also a mandatory five-year waiting or “cooling off” period for partners to rotate back on to an engagement.
Employment Implications. An accounting firm will not be able to provide audit services to a public company if one of that company's top officials (CEO, controller, CFO, chief accounting officer, etc.) was employed by the firm and worked on the company’s audit during the previous year.
Criminal Penalties and Protection for Whistleblowers. The law creates though penalties for those who destroy records, commit securities fraud and fail to report fraud.
Failure to Maintain Workpapers. It is now a felony with penalties of up to 10 years to willfully fail to maintain “all audit or review workpapers” for at least five years. The SEC has already established a rule covering the retention of audit records and the board will issue standards that compel auditors to keep other documentation for seven years.
Document Destruction. It is a felony with penalties of up to 20 years to destroy documents in a federal or bankruptcy investigation.
Securities Fraud. Criminal penalties for securities fraud have been increased to 25 years.
Fraud Discovery. The statue of limitations for the discovery of fraud is extended to two years from the date of discovery and five years after the act. It was previously one year from discovery and three from the act.
Other Provisions. Other provisions protect corporate whistleblowers, ban personal loans to executives, and prohibit insider trading during blackout periods.
Financial Reporting and Auditing Process Additions. Issuers of public stock and their auditors must now follow new rules and procedures in connection with the financial reporting and auditing process. Some of the provisions follow.
CEOs and CFOs are now required to certify financial reports.
It is unlawful to improperly influence the conduct of audits.
CEO and CFO bonuses and profits will be forfeited after restatements of financial statements.
Disclosure is required for transactions involving management and principal stockholders within two days.
Disclosure is required for all off-balance sheet transactions and relationships.
There is required reconciliation of pro forma and financial statements.
Second Partner Review and Approval of Audit Reports. The new regulatory board will issue or adopt standards requiring auditors to have a thorough second partner review and approval of every public company audit report.
Management Assessment of Internal Controls. Management must now assess and make representations about the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
Audit Reports Must Contain Description of Internal Controls Testing. The new regulatory board will also issue or adopt standards that will require every auditor to attest to the assessment made by management on the company’s internal control structures, including a specific notation about any significant defects or material noncompliance found on the basis of such testing.

Keeping Current on Implementation and
Further Details

To begin implementing this bill, the SEC has already approved rules regarding retention of audit/review records, disclosures of off-balance sheet arrangements and aggregate control obligations, auditor independence, and certification requirements for management investment companies. Details on these rules can be found on the SEC Web site at www.sec.gov. For a complete implementation timeline, visit the AICPA Web site at www.aicpa.org.

For more information about the Sarbanes-Oxley Act of 2002, visit www.aicpa.org/sarbanes/index.asp.

Wynne E. Baker, CPA, CBA, CFSA is a partner with Kraft Bros., Esstmann, Patton and Harrell, PLLC. His area of expertise is accounting and auditing, primarily within the banking industry.

Whether you're in a public or private firm, SIGMA can provide tailored services as an independent organization that has experience working closely with accountants, lawyers, brokers, and consultants.

Our staff has education and experience with a broad range of risk management concerns and has an innovative attitude towards both customer service and actuarial analyses.

More about SIGMA

The Private Label Concept A Sample Study Typical Services An Introductory Video