Bookmark and Share


Printer Friendly


Auditing Public Companies: Not Just Another Audit



A CPA firm audited the financial statements, prepared income tax returns, and performed tax planning services for the past two years for a client that manufactures computer keyboards and related products. This privately owned company reported revenue increases in each of the five years since the business was founded and just completed its first profitable year. A venture capital firm owns a majority interest in the company and provided start-up and operating capital during these initial years. With product demand increasing, the company projects a need for additional investments in manufacturing facilities and increased operating funds. To meet these needs, the company has decided to issue additional stock through a public offering in a few months.

Although the CPA firm has several audit clients, none are public companies registered with the Securities and Exchange Commission (SEC) or state securities commissions, and the firm has never filed any of its reports with these regulatory bodies. Further, the firm has not registered with the Public Company Accounting Oversight Board (PCAOB) under the Sarbanes-Oxley Act of 2002 (SOX). So how should the firm approach this situation?

A company planning to initiate a public offering of securities typically engages an attorney specializing in securities law to obtain assistance in satisfying legal and regulatory requirements associated with a public offering. This assistance may include surveying applicable federal and state securities requirements to identify and prepare SEC forms and other documents that must be filed with regulatory agencies. Additionally, a company typically asks its CPA firm to provide required financial statement audit reports, assistance in defining financial statement filing requirements, and guidance regarding other financial information disclosures.

CPA firms increasingly experience such situations as business clients grow and require additional capital. In managing their business, many CPA firms decide to limit their accounting and auditing services to privately owned businesses. The implication of this decision is that when a privately owned client talks to their CPAs about "going public," the firm must inform the client of this and advise them to engage another CPA firm that has registered with the PCAOB and is capable of meeting the SEC and state regulatory audit report filing requirements.

Many firms have not addressed this scope of practice issue because such a client situation has not yet arisen. Expanding a firm scope of practice to include auditing services for a company that plans to go public is a significant decision and one that should be made only after firm principals have given consideration to the risks, rewards, and requirements of such engagements and the overall impact on the firm.

There are two common situations wherein a client audited financial statements may need to be included in a filing with the Securities and Exchange Commission for the first time:

  • When the client intends to issue securities to the public, as in the situation described above.
  • When the client is being acquired by or merged with a public company. In some cases, the client will become a separate issuer when the acquisition or merger is completed.

Determining when and which audited financial statements must be included in an SEC filing is not always simple. Each situation is fact-specific and requires that a CPA have a working knowledge of applicable SEC rules and regulations, exemptions and financial statement tests and criteria. Typically, a client legal counsel is involved in assisting the client make this determination.

Requirements and Risks

Providing auditing services to companies planning to go public can open up new opportunities for a CPA firm. With these opportunities, however, come additional practice requirements and liability risks. In addition to the liability exposures associated with providing services to a soon- to-be public company, CPA firms and the persons providing the service on behalf of the firm become subject to federal securities laws and the rules and regulations of the SEC and the standards of the PCAOB when the company is registered. Providing auditing services to a public company necessitates that a CPA firm register with the PCAOB. Although the registration process is not particularly difficult, registered firms are faced with significant additional requirements:

  • The PCAOB initially adopted certain AICPA standards on auditing, attestation, quality control, ethics, and independence as interim standards. Over time, the PCAOB has modified those standards and continues to establish its own professional standards that registered firms must learn and follow. Differences between the two sets of standards exist and will likely increase over time as the Board assesses and establishes procedures, practices, and requirements focused on the environment and issues facing public companies.

    Firms providing auditing services to both public and private entities must maintain technical competence and experience in both arenas. To accomplish this, a substantial investment by the firm is required in training, quality control, and maintaining the competence of a firm professional staff in both sets of standards. Firms that audit governmental entities or pension and profit sharing plans also must maintain competence in Government Auditing Standards and Department of Labor requirements.
  • Firms registered with the PCAOB that audit public companies are subject to inspection by the Board. SOX requires the Board to conduct a continuing program of inspections of registered public accounting firms. In these inspections, the Board is charged with assessing compliance with the Act, the rules of the Board, the rules of the Securities and Exchange Commission and professional standards in connection with the firm auditing engagements, the issuance of audit reports, and related matters involving issuers. The Act requires the Board to conduct inspections annually for firms that audit more than 100 issuers and at least triennially for firms that audit fewer issuers.

    The Act requires the Board to prepare a written report concerning each inspection. Under the Act and the Board's rules, the Board provides a copy of each report to the Commission and to certain state regulatory authorities. The Board also makes portions of those reports available to the public, subject to restrictions in the Act that prohibit or require a delay in the public disclosure of certain information. For additional information on the Board inspection process and other PCAOB matters, see http://www.pcaobus.org/index.aspx.

    Firms registered with and subject to PCAOB inspection must also be enrolled in the AICPA Center for Public Company Audit Firms Peer Review Program (CFCAF PRP). The CFCAF PRP is designed to review and evaluate those portions of a firm accounting and auditing practice that are not inspected by the PCAOB so firms can meet applicable state licensing, federal regulatory, and AICPA membership requirements. The results of a CPCAF peer review are placed in an electronic file available to the public. For more information on the Center for Public Company Audit Firms and its peer review program, see the AICPA website at http://cpcaf.aicpa.org/.
  • Private companies planning to go public may request that their financial statements be audited in accordance with both generally accepted auditing standards (GAAS) and PCAOB standards. Reasons for such requests can vary. For example, the company may want to assess their additional financial statement and reporting responsibilities upon becoming an SEC-registered company, or they might want to see how they measure-up in such an audit. Alternatively, they may want to influence investment bankers or potential debt or equity investors. The risk of failing to comply with professional standards clearly increases when two sets of standards apply. If the audit report will be used by third parties who ordinarily would not otherwise receive the report, the risk of exposure to malpractice claims increases.

    CPAs should explain and educate private company clients about the differences between a GAAS audit and an audit conducted in accordance with PCAOB standards. Clients must understand that a PCAOB audit must include and comply with all PCAOB requirements, not just a select few. The requirements of Section 404 of SOX must be explained along with the potential implications if the company internal controls are deficient. Notwithstanding the fact that these clients may not at the time plan to go public, they should also be directed to information explaining the obligations and reporting requirements of companies registered with the SEC. For a further discussion of this subject, see the article Stay Out of Trouble by Ric Rosario and Suzanne Holl, in the August 2005 edition of the Journal of Accountancy.

The SEC and the PCAOB aggressively enforce the securities laws, standards, rules, and regulations, and violators may be subject to monetary penalties and other sanctions. Depending on the situation, accounting firms and their employees found to be in violation of SEC and PCAOB requirements may also be subject to disciplinary proceedings and sanctions by CPA professional organizations and state boards of accountancy.

Filings with the SEC

In auditing a privately owned company (a non-issuer) financial statements, an accountant follows GAAS and expresses an opinion on the conformity of the statements with generally accepted accounting principles (GAAP). When an issuer statements are to be included in an SEC registration statement or other filing, the accountant must conduct the audit in accordance with the standards of the PCAOB and ensure that the statements conform to applicable SEC rules and regulations. An auditor of a public company must also report on management assessment of the company internal controls over financial reporting as provided in Section 404 of SOX. A few examples of the securities law and SEC guidance that must be considered include:

  • The Securities Act of 1933 and the Exchange Act of 1934
  • Regulations S-B, S-X and S-K
  • SEC Accounting Series Releases
  • SEC Financial Reporting Releases
  • SEC Staff Accounting Bulletins
  • Securities Act Industry Guides and Exchange Act Industry Guides

To understand the impact that these laws and regulations have on auditors, let take a look at some examples of matters the company and the CPA firm in the hypothetical situation described above will have to address.

  • The CPA firm has audited the company financial statements for the last two years. Is this adequate to meet the requirements of the SEC form to be filed? Or will the company need to have the statements for the third prior year audited to meet the audited income and cash flow statement requirements of Regulation S-X? (See 17 CFR, Reg. 10.3-02.)
  • With respect to Article 3 of Regulation S-X, do the company previously issued annual statements include the required analysis of changes in other stockholders equity? (See 17 CFR, Reg. 10.3-04.) If not, the statements will have to be expanded to present the required information.
  • Regulation S-X specifies the age of the company financial statements at the effective date of the registration statement or at the mailing date of the proxy statement. Will the company be required to include unaudited interim financial statements in the filing? (See 17 CFR, Reg. 10.3-12.)
  • Regulation S-X details several footnote disclosures that must be included in the financial statements. Examples of matters subject to disclosure include assets subject to lien, restrictions limiting payment of company dividends, warrants or rights outstanding, accounting policies for certain derivative financial instruments, and income tax expense information. (See 17 CFR, Reg. 10.3-08.) If the previously issued statements do not include these disclosures, the statements to be included in the SEC filing must be expanded.
  • Regulation S-X details the line items and additional disclosures that must appear on the face of the company balance sheets and income statements or in related footnotes. Required financial statement captions include cash and cash items; accounts and notes receivable; inventories; property, plant and equipment; accounts and notes payable; bonds, mortgages, and other long-term debt, including capitalized leases; commitments and contingent liabilities; net sales and gross revenues; costs and expenses applicable to sales and revenues; selling, general and administrative expenses; non-operating income and expenses; and earnings per share data, among others (see 17 CFR, Reg. 10.5-02 & 03). If these items were not separately presented in the previously issued financial statements, additional work may be needed to conform to this requirement.
  • Regulation S-X specifies that the company must file certain supplementary schedules and that they must be audited. Examples of information required in these schedules include specified condensed financial data of the company, information on valuation and qualifying accounts, real estate, and accumulated depreciation and mortgage loans on real estate. (See 17 CFR, Reg. 210.3-02.) In the audit of a non-public company, these schedules would probably not be included with the financial statements. If the company is going public, additional work will be needed to meet Regulation S-X requirements, and the auditor report will need to cover these additional items.

The preceding are examples of significant matters to be considered by a CPA firm before consenting to a client request to include a previously issued or future audit report in an SEC filing. Research is required to consider these issues prior to deciding whether or not to consent. The firm must consider any additional work that must be performed by the client and the CPA firm to reissue the financial statements and audit reports to comply with SEC and PCAOB requirements, and discuss the additional work and fees with the client. If the client will not agree to the additional work and fees required, the CPA firm should decline to consent. If the client does agree, the CPA firm should obtain a signed engagement letter from the client prior to initiating the additional work.

CNA recommends that firms considering granting consent for the first time consult with a PCAOB-registered CPA firm to assess the compliance of the previously issued financial statements and audit reports with SEC rules and requirements before doing so. As the cost of this service was not contemplated at the time services were originally rendered, and assuming it is the firm intent, the client or former client should be advised orally and in writing at the time the request is received that they will be billed for these costs regardless of whether or not consent is granted.

Staff and supervisory audit personnel will require extensive technical training on the additional work required and requirements for continuing work while serving as the auditor of a public company. Training must be viewed as a continuing investment and commitment. SEC and PCAOB rules and requirements continue to evolve and change over time, and staying up-to-date and in compliance is a challenge for all CPA firms. A recent GAO report indicates that "Many of the representatives [of registrants and the accounting profession] we spoke with stated that it is becoming increasingly difficult to keep track of the variety of guidance being issued and used by the SEC, especially for the smaller accounting firms with limited resources."

In addition to financial statement requirements, CPA firms must comply with SEC and PCAOB rules applicable to accountants who practice before the SEC. In particular, the independence rules applicable to firms auditing the financial statements of issuers are more restrictive than AICPA independence requirements.

Consenting to Requests to Include Prior Audit Reports in SEC Filings

Before a CPA firm audit reports can be included in an SEC filing, a registrant is required to obtain permission from the CPA firm to do so. If the firm consents to this use of its reports, the firm may be named as an expert in the filing and its signed consent must be included as an exhibit in the filing. Samples of the wording generally found in an "experts" section of a filing and of an accounting firm consent are as follows:

Experts

The financial statements of XYZ Corporation as of December 31, 20xx and 20yy and for each of the three years in the period ended December 31, 20yy, and management report on the effectiveness of internal control over financial reporting as of December 31, 20yy have been audited by ABC, an independent registered public accounting firm, as indicated in their reports with respect thereto, and have been included herein in reliance upon the reports of said firm, given on the authority of that firm as experts in accounting and auditing.

Consent of Independent Registered Public Accounting Firm

To XYZ Corporation:

As an independent registered public accounting firm, we hereby consent to the inclusion in this registration statement of our reports dated January 31, 20zz on the financial statements of XYZ Corporation as of December 31, 20xx and 20yy and for each of the three years in the period ended December 31,20yy, on the effectiveness of XYZ Corporation internal control over financial reporting, and on management report on XYZ Corporation effectiveness of internal control over financial reporting as of December 31, 20yy, and to the reference to our firm under the caption "Experts" included in this registration statement.

Being named as an "expert" and consenting to the inclusion of audit reports in an SEC filing has significant implications concerning both legal liability and auditor responsibilities. From a liability perspective, the Securities Act of 1933 provides in Section 11 that an accountant who has consented to being named as having prepared a report that is included in a registration statement can be sued by any person who acquires a security covered by the registration statement if, when the registration statement became effective, it contained a material untrue statement or omitted a material fact that was required to be stated in order for the registration statement not to be misleading.

Auditor Responsibility Concerning Subsequent Events

The 1933 Act addresses liability when the registration statement becomes effective. As a result, a CPA has a responsibility to consider subsequent events beyond the audit sign-off date and up to the effective date of a registration statement. Section 11 of the Act provides that "an auditor should extend his procedures with respect to subsequent events from the date of his audit report up to the effective date or as close thereto as is reasonable and practicable in the circumstances." The PCAOB standards currently reflected in AICPA Professional Standards, AU 60.12 and AU 11.10-.12 (including the interpretations in AU 711) describe procedures to be performed for this subsequent period. These include, for example:

  • Reading the latest available interim financial statements and comparing them with the statements being reported upon
  • Inquiring of officers and other executives that have responsibility for financial and accounting matters about the existence of any substantial contingent liabilities or commitments as of the date of inquiry
  • Reading available minutes of meetings of stockholders, directors, and appropriate committees held subsequent to the audit sign-off date and inquiring about matters discussed at such meetings if minutes are not yet available
  • Inquiring of client legal counsel concerning litigation, claims, and assessments
  • Inquiring of and obtaining written representations from officers and other executives responsible for financial and accounting matters about subsequent events (other than those reflected or disclosed in the filing) that have a material effect on the audited statements or that should be disclosed in order to keep those statements from being misleading
  • Reading the entire SEC filing

Declining Requests to Include Prior Audit Reports in SEC Filings

Having considered these issues and assuming that the inclusion in an SEC filing of audit reports previously issued for a privately held client is a use that was not contemplated or intended when the work was originally arranged and performed, a firm may decide not to grant this consent.

The SEC has addressed this issue in a public release as follows:

Accountants Refusal to Re-issue Audit Reports

"Some accounting firms have adopted risk management policies that lead them to refuse to re-issue their reports on the audits of financial statements that have been included previously in Commission filings. In some cases, accountants whose reports on acquired businesses were included in a registrant Form 8-K have declined to permit that report to be included in a registrant subsequent registration statement. In other cases, accountants have declined to reissue their reports on the registrant financial statements after the registrant engaged a different auditor for subsequent periods. The Commission staff is not in a position to evaluate the reasons for an accountant refusal to re-issue its report and will not intervene in disputes between registrants and their auditors. Moreover, the staff will not waive the requirements for the audit report or the accountant consent to be named as an expert in filings. If a registrant is unable to re-use the previously issued audit report in a current filing, the registrant must engage another accountant to re-audit those financial statements. A registrant that is unable to obtain either re-issuance of an audit report or a new audit by a different firm may be precluded from raising capital in a public offering.

"When registrants engage an accountant to perform audit services, they should consider the need for the accountant to re-issue its audit report in future periods. It maybe appropriate to address in the audit services contract the registrant expectations regarding the use of the audit report in filings that it or its successors may make under either the Exchange Act of the Securities Act and the circumstances under which the accountant may decline to reissue the report."

Obtaining signed audit engagement letters documenting expected audit report usage is a recommended practice. This helps limit liability exposure and reduce the risk of future misunderstandings in the event the client later asks to include the firm audit reports in an SEC filing.

Is It Worth It?

Providing auditing services to a public company or consenting to the inclusion of previously issued audit reports in an SEC filing requires firms to register with the PCAOB and maintain expertise, knowledge, and skills beyond that required to audit the financial statements of a privately owned business. To do so, a firm must be prepared to make and maintain substantial additional investments in training and firm quality controls. Additionally, the firm must be prepared to accept the additional responsibilities commensurate with these services and assume the liability risks associated with them. Bottom line: auditing public companies can be a profitable service for CPA firms. However, with these rewards come increased responsibilities and liability risks. Each firm must make its own decision about going down this path, only after considering all the requirements, risks and rewards. Just be sure to do so with your eyes wide open!

May 2006

By John E. McFadden, CPA, CFE, Risk Control Consulting Director, CNA, Accountants Professional Liability, CNA Center, Chicago, IL 60685.

The information, examples and suggestions presented in this material have been developed from sources believed to be reliable, but they should not be construed as legal or other professional advice. CNA accepts no responsibility for the accuracy or completeness of this material and recommends the consultation with competent legal counsel and/or other professional advisors before applying this material in any particular factual situations. Any references to non-CNA websites are provided only for convenience, and CNA disclaims any responsibility with respect to such websites. This material is for illustrative purposes and is not intended to constitute a contract. Please remember that only the relevant insurance policy can provide the actual terms, coverages, amounts, conditions and exclusions for an insured. All products and services may not be available in all states.

Continental Casualty Company, one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program.

CNA is a service mark registered with the United States Patent and Trademark Office.

Copyright 2006 CNA. All rights reserved.





Home | Apply Now | Business Insurance
Personal Insurance | Risk Management Education | Contact Us
About Us | Sign Up for Our Free E-newsletter | Glossary
Site Map

McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams.

Read our Privacy Statement
Insurance License Information
© 2010 Aon Insurance Services