The Sarbanes-Oxley Act of 2002 (SOX) mandates that audit committees be directly responsible for the engagement and oversight of the company’s independent auditor. It also mandates that the SEC’s rules be designed to ensure that auditors are independent of their audit clients.
In 2003, the SEC adopted rules to comply with the requirements of SOX. The audit committee-related rules require that before the auditor is engaged by the issuer or its subsidiaries to render permissible non-audit services and all audit, review, or attest engagements required under the securities laws, the engagement must be:
- Approved by the issuer’s audit committee; or
- Entered into pursuant to pre-approval policies and procedures established by the audit committee of the issuer, provided the policies and procedures are detailed as to the particular service, the audit committee is informed of each service, and such policies and procedures do not include delegation of the audit committee’s responsibilities to management.
Subsequently, the PCAOB adopted rules designed to supplement the SEC’s pre-approval requirements specific to tax services and services related to internal control over financial reporting.
Given the importance of auditor independence, in 2023 the PCAOB increased its focus on certain independence requirements during its inspections of audit firms. One of the areas of added focus was compliance with these pre-approval requirements. In 2023, roughly one-third of all PCAOB comment forms issued during the inspections with this increased focus related to audit committee pre-approval.
In 2024, the PCAOB highlighted some considerations for audit committees on their oversight responsibilities regarding their auditor’s independence. Some of those considerations included:
- Audit committees are required to consider whether any services provided by the audit firm may impair the audit firm’s independence in advance.
- Audit committees should be aware that certain financial relationships between the company and the independent auditor are prohibited.
- Audit committees should consider whether the public company’s policies and procedures require that all audit and non-audit services are brought before the audit committee for pre-approval.
- Audit committees should not approve engagements that remunerate an independent auditor on a contingent fee or a commission basis, as such remuneration is considered to impair the auditor’s independence.
- Audit committees should consider whether their auditor has implemented processes to identify prohibited relationships.
- Audit committees should discuss the following with the audit firm:
- Processes the audit firm uses to ensure complete disclosure of all relationships with the public company and its affiliates.
- Relationships the audit firm may have with officers, board members, and significant shareholders.
- If the audit committee pre-approves services using pre-approval policies and procedures, the audit committee should consider whether the pre-approval policies and procedures are sufficiently detailed as to the particular services to be provided so that the audit committee can make a well-reasoned assessment of the impact of the service on the auditor’s independence.
- Independence is a shared responsibility among the entity under audit, its audit committee, and its auditor. It is important for the company to have policies and procedures to proactively alert auditors to proposed or pending merger and acquisition activity that could have an impact on auditor independence.
Safeguarding Independence
At BDO, we are committed to providing the highest quality services and maintaining the professional standards expected from an accounting firm. BDO is also dedicated to upholding the highest standards of independence, ethics, and compliance in accordance with both internal policies and external laws and regulations.
As auditors and professional advisors, we are subject to a number of independence-related rules and regulations designed to protect the general public, our clients and our firm. These rules have been established by the federal government and its oversight bodies, including the Public Company Accounting Oversight Board (PCAOB) and the Securities and Exchange Commission (SEC), as well as other bodies, such as the American Institute of Certified Public Accountants (AICPA) and the International Ethics Standards Board for Professional Accountants (IESBA).
The SEC and PCAOB have both issued a number of statements making clear their belief that maintaining auditor independence is the responsibility of both a company and its auditor. In its October 16, 2020, rules release, Qualifications of Accountants, the SEC states, “We remind auditors and their audit clients of their shared responsibility to monitor independence,” and most recently, in the September 2024 Spotlight Inspection Observations Related to Auditor Independence (2024 PCAOB Spotlight), the PCAOB stated, “Independence is a shared responsibility between the entity under audit, its audit committee, and its auditor.”
Audit committees play an essential role in ensuring that the company is doing its part to safeguard independence and uphold the goal of providing high-quality, reliable financial information to the capital markets.
With that in mind, this guide addresses the SEC and PCAOB requirements for audit committees to pre-approve all services provided to the company by its auditor and suggests steps companies and their audit committees can take to strengthen this critical oversight responsibility.
We would be happy to discuss with the audit committee any questions related to the audit committee pre-approval requirements and/or related best practices. We look forward to a strong working relationship with the audit committee and believe that together we can safeguard independence and fulfill our responsibilities to investors and other stakeholders.