The Securities and Exchange Commission charged PricewaterhouseCoopers LLP and one of its partners with violating auditor independence rules for running a project to upgrade the client’s GRC software while also doing its audit work.
Using the “one” in the title is deceiving. This is the third auditor independence case that the Securities and Exchange Commission has brought this year. In August, the SEC charged RSM International with violating the SEC’s auditor independence rules on at least 100 audit reports. In February this year, the SEC charged Deloitte Touche Tohmatsu LLC, when its consulting affiliate maintained a business relationship with a trustee serving on the boards and audit committees of three funds it audited. You can also add the sanctions by PCAOB against PricewaterhouseCoopers in another matter and another against Marcum LLP.
I found this PwC case to be more egregious.
In 2014, PwC performed non-audit services for the unnamed company “Issuer A” to implement new Governance Risk and Compliance software. GRC systems are used by companies to coordinate and to monitor controls over financial reporting, including employee access to critical financial functions. Issuer A intended to use the GRC software to generate information as part of the company’s control environment and to provide data to assist personnel in forming conclusions regarding the effectiveness of internal controls related to financial information systems.
PwC would be implementing the system that it would ultimately opine on as being effective. It would be a shame if the Issuer A paid all that money to PwC to install the system and then PwC found it was an effective control environment.
Rule 2-01(c) of Regulation S-X sets forth a non-exhaustive list of non-audit services which an auditor cannot provide to its audit clients and be considered independent. See 17 C.F.R. § 210-2.01(c)(4)(i)-(x)
Auditor conflict is not just about money or which revenue stream rules the nest. The intent is to allow the auditor to act an impartial third-party reviewer. It’s the reason that auditors are not allowed to prepare the financial statements and then opine on them.
If the auditors do the books, then they will be very reluctant to point out errors in them. If the auditor designs and implements the company’s internal control system, then of course the auditor will be very reluctant to not opine that the company has good control environment.
For fund managers who rely on auditors for compliance with the Custody Rule, auditor independence is incredibly important.
Sources: