Thank you for sharing!

Your article was successfully shared with the contacts you provided.
The Sarbanes-Oxley Act of 2002 made clear that the audit committee, not management, is responsible for overseeing the company’s relationship with the outside auditor. Now, two-and-a-half years into the post-Sarbanes-Oxley era, audit committees are keenly aware of the statutory mandate that requires them to be “directly responsible” for the appointment, compensation, retention, and oversight of the work of outside auditors. But what does this mean for audit committees in terms of carrying out their work? At the most fundamental level, it means that the audit committee must take ownership of the relationship with the outside auditor. What follows are some best practices designed to assist committees in discharging this responsibility. HIRING AN AUDITORTake an active role in the process of engaging the outside auditor.The audit committee should consider periodically � perhaps every five years � whether it is appropriate for the company to change its outside auditor. Although the Government Accountability Office has concluded that it is not appropriate to mandate audit firm rotation � and rotation in general can be expensive and present additional risks as a new auditor learns the company’s business � the committee nonetheless should regularly assess the benefits and costs associated with rotation for the particular company. Even in years where there is no rotation consideration, the performance of the incumbent auditor � and of each of the key members of the audit team � should be evaluated by the committee. If needed, changes in the team should be requested. The audit committee should also be mindful of the schedule for rotation of the engagement partner (the partner in charge of the audit) and the concurring partner (the second partner who reviews the audit and audit findings as a quality-control check) mandated by the Sarbanes-Oxley Act. It should begin the process of selecting new partners at least a year in advance of a required rotation. When it comes to retaining the outside auditor, the audit committee should oversee the process of negotiating the annual audit engagement letter, and the committee chair should execute it on behalf of the company. The committee should scrutinize the terms of the engagement carefully, recognizing that engagement letters have become increasingly comprehensive in their treatment of the relationship between the company and the outside auditor. In the current environment, they often address pre-approval matters, communications with regulatory agencies including the Public Company Accounting Oversight Board, and additional protections for the auditor, such as more detail about management’s responsibilities. For services other than the annual audit, the audit committee should consider whether it is appropriate to require that all engagements be documented in formal engagement letters. • Cultivate a relationship with the outside auditor.The audit committee should take the lead in developing an effective working relationship with the auditor. Open communication in an environment conducive to candid dialogue is critical. The committee or its chair should communicate to the engagement partner the committee’s expectation that the auditor will promptlybring any issues or concerns to the attention of the chair and, if appropriate, the committee as a whole. Private sessions between the audit committee and the outside auditor, without management present, can help facilitate communication. Audit committees of New York Stock Exchange companies are now required to hold these sessions “periodically.” The best practice is to schedule a private session with the outside auditor at every regular meeting of the audit committee. The rapport between the chair of the audit committee and the engagement partner is critical. There should be open communication between these two individuals and a mutual understanding about how they communicate. The chair should feel comfortable that the engagement partner can be available for discussion or questions between committee meetings. Similarly, the chair should encourage the engagement partner to keep in contact outside of committee meetings, as needed. AFFIRMING INDEPENDENCEMaintain an ongoing, open dialogue with the outside auditor about independence.Although it is ultimately the auditor’s responsibility to affirm its independence, the audit committee should take its responsibilities with respect to the issue of auditor independence seriously. Historically, auditors have furnished audit committees with the independence disclosures and letter required by the Independence Standards Board’s Standard No. 1 on an annual basis. Auditors have now begun providing some clients with “updates” to the Independence Standards Board letter as frequently as quarterly, although written updates probably are not necessary for most companies. It is appropriate, however, for the audit committee to inquire periodically whether the outside auditor continues to believe that it is independent in light of the services it is providing to the company and other events that may affect independence, such as when the company is considering hiring a former employee of the outside auditor. • Develop a policy for determining the types of services that the outside auditor may appropriately provide.The Sarbanes-Oxley Act and Securities and Exchange Commission implementing rules establish a list of prohibited non-audit services � services that, by definition, impair an auditor’s independence if provided to an audit client. The audit committee should have a system reasonably designed to ensure that the outside auditor is not retained to provide these services. The committee should also obtain explicit assurances from the audit firm that the firm has an effective internal process to safeguard independence. That process should cover all offices and groups within the audit firm and associated firms in other countries that provide any services to the company or its subsidiaries. In response to the Sarbanes-Oxley requirement that the audit committee pre-approve all audit and permissible non-audit services, many audit committees have adopted pre-approval policies. Before establishing such a policy, or in connection with its periodic review, the committee should consider its overall approach to using the outside auditor as a service provider. The committee should articulate the types of services, beyond those relating to the annual audit engagement, that the outside auditor can appropriately provide. Some audit committees, for example, have decided not to retain the outside auditor for any non-audit services or for certain types of services, such as tax work. At companies that currently have one of the Big Four accounting firms as their auditor, the audit committee should recognize that a policy requiring the use of a different firm to provide non-audit services may limit the company’s options if it wants or needs to change auditors in the future. OVERSEEING CONTROLSPlay an active role in overseeing internal controls and disclosure controls.While management is responsible for maintaining effective internal and disclosure controls, the audit committee should be comfortable that the company has appropriate controls in place. The committee should review with the outside auditor (in addition to management and internal audit personnel) the company’s procedures for maintaining and evaluating the effectiveness of these controls. Under the Public Company Accounting Oversight Board’s Auditing Standard No. 2, which governs the outside auditor’s attestation of management’s internal control report under Section 404 of the Sarbanes-Oxley Act, the auditor must evaluate the effectiveness of the audit committee’s oversight of internal controls. This year, companies whose fiscal year ends Dec. 31 must include management’s internal control report in their next annual report on Form 10-K. As the Section 404 compliance deadline approaches for these companies, preparations for the first internal control report should be nearly complete at most companies. The audit committee should be reviewing the steps that the company is taking to assess and document its internal controls. It should be satisfied that management’s assessment is thorough and the documentation is complete. It should be in regular communication with the outside auditor about not only the status of the company’s preparations, but also the progress of the review and testing of company controls that the auditor must perform. The committee should be promptly notified of any “significant deficiencies” or “material weaknesses” (both defined terms under Auditing Standard No. 2) detected by the management review or by the outside auditor. It should also be kept informed about the steps and timetable for correcting any such deficiencies or weaknesses. AN EDUCATIONAL RESOURCELook to the outside auditor as an educational resource.In light of the significant new responsibilities that audit committees are expected to assume in the post-Sarbanes-Oxley world, many committees are looking at ways to help their members keep abreast of developments that affect audit committees. The outside auditor can serve as a valuable resource in this regard. The audit committee should consider scheduling periodic presentations from the outside auditor on topics of interest. For example, the committee could hold a half-day session with the outside auditor at least once annually, at which the auditor would brief the committee on accounting developments, focusing on generally accepted accounting principles most germane to the company’s business. In the wake of the Sarbanes-Oxley Act, a panoply of new legal requirements affect audit committees and their relationship with the outside auditor. There is a danger that, to comply with all these requirements, audit committees may adopt a mechanical, “check the box” approach that focuses too heavily on technical compliance with applicable laws and regulations. The audit committee should, of course, focus on legal compliance. The committee, however, should also take a holistic approach to its relationship with the outside auditor that recognizes that one of the purposes behind the new requirements is to promote diligent, independent oversight of a company’s relationship with its outside auditor and to enhance the auditor’s accountability to the audit committee. Amy L. Goodman is a partner-elect and Gillian McPhee is an associate in the D.C. office of Gibson, Dunn & Crutcher. They can be reached at [email protected]and [email protected], respectively.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.