Herbert M. Chain
Shareholder, Mayer Hoffman McCann P.C. Deputy Technical Director, Global Audit Group, Kreston Global
Herbert M. Chain is a highly experienced auditor and is a financial expert with over 45 years of experience in business, accounting, and audit, having served as a Senior Audit Partner at Deloitte. He holds certifications from the National Association of Corporate Directors and the Private Directors Association, with knowledge of private company governance and effective risk management. He has extensive knowledge in the financial services sector, including asset management and insurance.
Contact Herbert here
Ensuring trust: The crucial role of auditor independence
November 3, 2023
Auditor independence is critical to the credibility of the auditing profession. It is essential that auditors be independent of their clients in both fact and appearance. Independence in fact means that auditors are free from any financial, business, or personal relationships that could impair their objectivity and are not subject to any influences that could impair their ability to exercise professional judgment. Independence in appearance means that auditors are perceived to be independent by a reasonable and informed third party.
The importance of auditor independence
The importance of auditor independence is recognised by auditing standards and regulators around the world. In the United States, the Public Company Accounting Oversight Board (PCAOB) is responsible for overseeing the audits of public companies. The PCAOB has issued a number of auditing standards that relate to auditor independence. The US Securities and Exchange Commission (SEC) has its own rules governing auditor independence, and has fined, sanctioned, and/or barred firms and their personnel for violating such standards.
Other auditing standards setters, such as the American Institute of Certified Public Accountants (AICPA), the US Government Accountability Office (GAO), the International Auditing and Assurance Standards Board (IAASB), and the International Ethics Standards Board for Accountants (IESBA) have also issued guidance on auditor independence. In addition, many countries’ regulators that oversee the auditing profession and have issued regulations and interpretations on auditor independence.
Considerations for External Auditors
There are three overriding considerations when evaluating independence.
- Auditors cannot audit their own work. This is a fundamental principle of auditor independence. Auditors must be able to objectively evaluate the work of their clients, and they cannot do this if they are the ones who did the work in the first place.
- Auditors cannot make management decisions for their clients. This is because auditors must maintain their independence from their clients. If auditors start making management decisions, they will no longer be able to objectively evaluate the work of their clients.
- Auditors cannot act as advocates for their clients. If auditors start acting as advocates, they will be perceived as being unable to objectively evaluate the work of their clients.
More specifically, these considerations are often subcategorized into:
- Financial relationships: Auditors should not have any direct or indirect material financial interests in their audit clients. This includes investments in the client’s securities, loans from the client, and business relationships with clients or their affiliates.
- Employment relationships: Auditors should not have close personal or professional relationships with their audit clients. This includes former employees of the client, spouses and relatives of employees, and directors of the client’s affiliates. This also includes the employment by the client of its auditor’s engagement team members. (This situation was specifically prohibited under the Sarbanes-Oxley Act of 2002 (SOX), subject to a “cooling off” period.)
- Scope of services: Auditors should not provide non-audit services to their audit clients that could impair their independence. This includes accounting, bookkeeping, financial planning, and management consulting services. Regulators may have varying prohibitions; the specific rules must be assessed by jurisdiction and type of client (i.e., public, private, or governmental).
- Mutuality of interest: Auditors should not have business relationships with their audit clients that could create a mutuality of interest. This may include joint ventures or other collaborations (e.g., software implementation agreements).
Threats and safeguards
Our regulators often define these risk as “threats”, and provide the related mitigating responses (or “safeguards”). Using this framework, the most common threats to an external auditor’s independence (and related safeguards) are:
- Threat: This occurs when the auditor has a financial or other interest in the client that could impair objectivity. Examples include owning shares in the client company or having a close family member employed by the client.
- Safeguard: Auditors should avoid having any financial or other interests in their clients. If such interests do exist, they should be disposed of, and safeguards should be put in place to mitigate the threat.
- Threat: This occurs when the auditor performs both audit and non-audit services for the client. This can create a conflict of interest, as auditors may be less likely to challenge the client’s management if they are put into the position of auditing their own work. Examples are preparation of the income tax provision or the determination of liabilities under a client’s employee pension plans.
- Safeguard: If non-audit services are performed, they should be assessed by the auditor, and if the services create a significant threat, other actions or measures should be identified that could reduce the threat to an acceptable level so as to not so as to not impair the auditor’s independence. Additionally, management must designate a knowledgeable employee to supervise the auditor, take responsibility for the auditor’s work, and make the ultimate decisions. These requirements are often documented in the engagement letter and/or the management representation letter received by the auditor in connection with the audit.
- Threat: This occurs when the auditor becomes too closely aligned with the client’s interests and acts as an advocate for the client or promotes the client’s interests or position. Examples include providing testimony on behalf of the client in a lawsuit or promoting investments in the client.
- Safeguard: Auditors should be aware of situations that might place them in the position as an advocate. Any agreement with a client should be carefully reviewed before execution.
- Threat: This occurs when the auditor becomes too familiar with the client’s management or employees and thus no longer exercises sufficient professional scepticism because the auditor has too much trust in the client and the client’s actions. This can impair the auditor’s professional scepticism and objectivity, as they may be less likely to question the client’s management or to report on any irregularities they find.
- Safeguard: Auditors should maintain professional detachment from their clients, and consider rotating audit teams on a regular basis. This will help to reduce the risk of the audit team becoming too familiar with the client and its personnel.
- Threat: This occurs when the auditor is influenced by threats, pressure, or coercion from the client or a third party. This pressure can come from threats to dismiss the auditor, to reduce the audit fee, or to retaliate in some other way. This threat was deemed significant enough that it was statutorily prohibited by the provisions of Section 303 of SOX.
- Safeguard: Auditors should have the ability to report directly to the audit committee of the client’s board of directors. (This safeguard was deemed important enough that it was statutorily included in the provisions of Section 204 of SOX.) This will give the auditor a direct line of communication to the board and will help to reduce the risk of intimidation.
What can an audit firm do to ensure compliance with professional auditor independence rules?
It is important to note that no safeguard can eliminate all threats to auditor independence. However, by implementing a variety of safeguards, firms can reduce these threats to an acceptable level.
- Promote a culture of independence: Firms should promote a culture that emphasizes independence and ethical behavior, demonstrates a commitment to independence from the top leadership, and sets a tone of ethics and independence throughout the organization. Many firms provide access to ethical counselors or hotlines where professionals can seek guidance on independence-related concerns. Additionally, firms should provide regular training and educational programs for all professionals regarding independence rules, regulations, and ethical considerations. Firms should also establish and reinforce protocols for seeking consultation within the firm on independence and other complex issues (a “culture of consultation”).
- Firm policies and procedures: Firms should have policies and procedures in place to identify and assess threats to independence, implement safeguards to mitigate those threats, and monitor compliance. Policies should be enforced consistently and fairly, promptly addressing any violations. These policies and procedures should be reviewed and updated regularly. Firms should also establish guidelines on employees accepting gifts, hospitality, or other favors from clients to prevent any influence on professional judgment. Additionally, member firms of a global network need policies in place to identify and clear potential conflicts of interest that might exist with other member firms. This includes establishing lines of communication and responsibility for such communications on a timely basis, especially in proposal situations.
- Non-audit services: Audit firms should carefully assess the non-audit services that they provide to their audit clients and ensure that client management takes ultimate responsibility for the work and any decisions made as a result of the findings.
- Client assessment and continuance: Before accepting a new client, firms should conduct a thorough assessment, ensuring there are no conflicts of interest or other factors affecting independence. This should also be performed annually as part of the client continuance process as well as be monitored during the performance of the engagement (i.e., being alerted to changed circumstances that might affect precious independence conclusions).
- Annual independence representations: Require individual professionals to sign an independence representation reaffirming their commitment to objectivity and independence in all audit-related activities and to disclose potential conflicts of interests or independence issues. (Some firms require this on an annual basis; some firms also conduct regular independence checks (audits) for professionals to identify any personal or financial relationships that might compromise independence.)
- Engagement team rotation: Even if not required by the relevant regulatory authorities (i.e., the PCAOB for US public company audits), if bandwidth permits, firms should consider rotation of audit engagement partners and key team members periodically to minimize familiarity threats and enhance objectivity. Some larger firms use inter-office partner assignments to mitigate staffing constraints.
- Transparent communication: Auditors should maintain open communication with audit committees and promptly report any potential threats to independence. (This is a required communication under certain regulatory regimes, for example under Rule 3526 of the PCAOB in the US.)
Independence is a foundational requirement for external auditors. Our credibility and resultant conclusions are all affected (and judged) by our independence – in fact and appearance. Independence rules and the related situations are often complex and nuanced – and any situation must be carefully analyzed to reach the appropriate conclusion. Firms allocate significant resources to help them make the right decisions in the area and to reach the right answer. The risk of failure is significant, and failure can have reputational, and potentially existential, implications for firms.
If you would like to speak to us about your audit, please get in touch.