Does Disclosure of Nonattest Services in the Audit Report Matter?

By Terry J. Engle, Stephanie M. Bryant, and Susan M. Albring

E-mail Story Print Story

In the wake of the SEC requirements, state boards of accountancy and other regulatory bodies face difficult decisions as they consider revisions to their auditor independence requirements. These regulatory bodies must consider the standards most appropriate for the large number of audits not subject to SOX. Serious consideration has been given to adopting a middle ground between strict prohibition of specified nonattest services (i.e., the SOX standard) and the AICPA’s position.

The Independence Task Force of the Florida State Board of Accountancy debated the possibility of adopting the AICPA rules with the additional requirement of a disclosure paragraph in the auditor’s report. The paragraph would describe the extent of any nonattest services that a public accounting firm performing an independent audit provided to an audit client. Proponents of this approach have argued that the audit report is the most appropriate disclosure vehicle because a state board could effectively and efficiently regulate auditor behavior through it. The Florida Board’s Independence Task Force recognized that it is much more difficult to regulate GAAP, and did not attempt to do so. As the task force discussed the possibility of mandated disclosures in the audit report, questions arose about the value of nonattest service disclosures, user acceptance, and the desirability of using the audit report to make users aware of the independence standards being followed by independent auditors. It became apparent that the task force needed much more information before it could reach a decision on mandated disclosure. The task force also recognized that more information was needed by the entire auditing profession to enable an informed debate on the issue.

Other influential bodies are considering changes to the audit report and have recognized the need for further information. For example, the AICPA’s Auditing Standards Board (ASB) and the International Auditing and Assurance Standards Board (IAASB) issued a joint call for research proposals. The announcement states: “The key research objective is to identify and provide information about users’ perceptions of the financial statement audit in connection with reading and considering the auditor’s report” (click here for the request for proposals). While this request for research does not deal specifically with independence or nonattest service disclosures, it focuses on making changes to the audit report that would increase its value to users. Disclosures about nonattest services and information about audit independence could be valuable changes.

Background

Providing nonattest services for independent audit clients has been controversial for years. Many critics have contended that the practice creates a conflict of interest, and at the very least creates an “appearance of independence” problem for the external auditor. Congress has generally objected to many forms of this activity. For example, a 1976 staff study for the Metcalf Committee stated: “Confidence in the independence of auditors requires that they have no direct or indirect interests in the affairs of their clients” (U.S. Senate Subcommittee on Reports, Accounting, and Management of the Committee on Government Operations; 1976. The Accounting Establishment. 94th Congress, 2nd session). The authors of the study were highly critical of situations where public accountants were involved with the business operations of their clients or were placed in a position of evaluating their own firm’s work in their role as an independent auditor.

SEC officials have also been vocal critics. In the late 1990s, then–SEC Chairman Arthur Levitt recognized the general threat that management consulting represented to auditor independence and embarked upon a crusade to severely limit public accounting firms from providing a wide variety of management advisory services for audit clients. Most recently, Congress voiced its deep concern through the promulgation of SOX. The SEC subsequently supported the eight prohibited services by revising its independence rules (Final Rule: Strengthening the Commission’s Requirements Regarding Auditor Independence. Release No.
33-8183, January 28, 2003).

The AICPA, traditionally on the opposite end of the spectrum on this issue, has always allowed public accounting firms to provide a wide variety of nonattest services for their audit clients, provided certain controls were in place. The controls were specified in the Interpretations (primarily Interpretation 101-3) of Rule 101, Independence, of the AICPA Code of Professional Conduct. In 2003, the AICPA revised the independence provisions of its Code of Professional Conduct. The revised Interpretation 101-3 contains several new controls and restrictions, including the following:

• Members who are subject to nonattest services provisions contained in independence rules of regulatory authorities that are more restrictive than those of the AICPA must comply with both the AICPA and regulatory authority rules, or they will be in violation of Interpretation 101-3.
• Prior to performing nonattest services, members must document in writing their understanding with the client regarding the objectives of the engagement, the services to be performed, the client’s acceptance of required specified responsibilities, the member’s responsibilities, and any limitations to the engagement.
• More-restrictive rules governing certain types of information technology services involving financial information systems, appraisal services, actuarial services, valuation services, and internal audit assistance services.

(For a more complete discussion of the 2003 revision to the AICPA nonattest services rules, see Catherine R. Allen, “AICPA Issues Nonattest Services Independence Rules,” Journal of Accountancy, December 2003.)

While the revised Interpretation 101-3 contains several new controls and restrictions, the AICPA’s longstanding position on providing nonattest services has changed little, and throughout the accounting scandals that began during the early part of this decade, including Enron and WorldCom, the AICPA still allowed many services specifically prohibited under SOX and current SEC independence rules (e.g., internal audit assistance, services, bookkeeping).

State Regulatory Board Reaction

In response to the revised AICPA Code of Professional Conduct and the independence provisions of SOX, the Florida State Board of Accountancy initiated a project to revise the independence regulations for CPAs practicing in that state. While there was considerable resistance to the outright banning of specific nonaudit services for audit clients (i.e., the SOX position), there was serious concern about the propriety of adopting the permissive rules of the AICPA. While the Florida board’s Independence Task Force ultimately recommended adopting the revised AICPA Interpretation 101-3, it seriously considered a compromise position that would have required disclosure in the audit report of any nonattest services provided by the independent auditing firm. Proponents of this position argued that financial statement users would be explicitly informed about the types and extent of any nonattest services being provided by the independent auditors, and that they would be able to draw their own conclusions about the effect of such services on the quality of the independent audit. Furthermore, such a disclosure requirement would be similar to the historical, and current, disclosure requirements of the SEC.

SEC Position on Disclosure

The SEC has historically recognized the potential value of disclosing nonattest services provided to audit clients, but it has never required the disclosures in the audit report. SEC Accounting Series Release (ASR) 250, effective from September 1978 to January 1982, required several disclosures in the annual proxy statements of public companies. The disclosures included the total nonaudit fees (expressed as a percentage of the audit fee) paid to a public company’s independent auditor, and whether the nonaudit work was preapproved by the organization’s audit committee or board of directors. Audit firms were also required to disclose each nonaudit service fee as a percentage of the audit fee. In 1982, the SEC rescinded the ASR 250 disclosure requirements when it promulgated ASR 304, justifying that action by asserting that investors had displayed little interest in the ASR 250 disclosures. In 2000, with Final Rule: Revision of the Commission’s Auditor Independence Requirements (November 21, 2000), the SEC once again recognized the value of independence-related disclosures when it mandated that public companies disclose in their annual proxy statements the nonaudit services provided by their independent auditor. The SEC reaffirmed its support of disclosure in January 2003, when it issued new rules on auditor independence reflecting SOX mandates. The new rules require registrants to disclose the fees paid to their independent auditors for the independent audit and three categories of nonaudit services. In addition, registrants are required to provide qualitative descriptions of the nonaudit services. Disclosures for the most recent two fiscal years are required in the proxy statement, or in the annual report if a proxy statement is not filed.

In the current environment, where state regulatory boards and other stakeholders may be dissatisfied with the AICPA’s position, mandated disclosure in the auditor’s report represents a viable option that does not go as far as SOX. While the SEC has recognized the value of nonattest service disclosures for organizations under its jurisdiction, little information is available about whether similar disclosures would be valued by the large number of “informed users” that rely on the audited financial statements of nonpublic organizations.

Disclosure Research

The authors’ research was primarily designed to provide insight into whether nonattest service disclosures in the audit report are valued by informed financial statement users, and whether the information would significantly affect their decisions. A secondary objective was to test the effects, if any, of a paragraph designed to educate financial statement users about the importance of auditor independence. These disclosures are illustrated in Exhibit 1. The researchers used MBA students at a large public university as representative of “knowledgeable” financial statement users. (Exhibit 2 shows demographics of the survey respondents.)

Forty-eight individuals were asked to perform a task that was designed to be easily understood and representative of a common business transaction involving reliance on audited financial statements of organizations not subject to SOX. Participants were asked to assume the role of a commercial loan officer who was reviewing a loan application from a medium-sized nonpublic manufacturing company seeking a $15 million term loan. The loan application contained a description of the company, audited financial statements (balance sheet, income statement, statement of retained earnings, and statement of cash flows), financial ratios, and an independent auditor’s report. The loan application materials were identical in all respects except for the auditor’s report. The participants were divided into four equal groups:

• Group 1 received a standard three-paragraph unqualified report.
• Group 2 received the unqualified report with the addition of the “consulting” disclosure paragraph from Exhibit 1.
• Group 3 received the unqualified report with the addition of the “independence education” disclosure paragraph from Exhibit 1.
• Group 4 received the unqualified report with the addition of both the “consulting” and “independence education” paragraphs.

Note that the researchers used the term “consulting services” in lieu of “nonattest services” to minimize the possibility of misunderstanding by the subjects. The subjects were instructed to carefully study the materials in the loan application and then answer a variety of questions pertaining primarily to the value of the consulting and auditor independence disclosures in the audit report. The subjects were also required to indicate the most appropriate interest rate, collateral, level of due diligence they would perform, and level of risk for the loan, to determine whether these business decisions were affected by the disclosures in the audit report. Upon completion of the experiment, participants answered questions as to why they made decisions the way they did.

Results

Exhibit 3 presents the mean responses to six questions focusing on the perceived value of the disclosures that were added to the traditional unqualified audit report. The data are presented for each group and in total.

Nonattest service disclosure. The first five questions related to the value of nonattest service disclosures to financial statement users. Questions 1 and 2 were presented to all respondents and focused on the financial statement users’ desire for nonattest service disclosures in the audit report, as well as their sentiments about the impact of auditor-supplied nonattest services on the effectiveness of the independent audit. The responses to question 1 clearly indicate that, overall, the respondents “strongly agree” that auditors should inform them in the audit report when the auditors also perform “consulting services” for the audit client (6.37, on a seven-point scale). This strong sentiment was consistent across all four groups of subjects. The responses to question 2 indicate that the individuals disagreed (2.08) that consulting services performed by the independent auditor improved the effectiveness of the external audit.

Questions 3, 4, and 5 were presented to only the two groups of subjects that received the version of the audit report which contained the “consulting services” disclosures. Responses to question 3 reveal that these two groups of individuals found the “consulting service” disclosure in the audit report useful to their lending decision. The participants supplied comments that provided insights into how they used the information. For example, respondents repeatedly noted that providing both consulting services and audit services introduced a possible conflict of interest and compromised the integrity of the audit. Responses to question 4 indicate that participants thought that the provision of an Internet address where users could access detailed information about the independence rules being followed by the external auditors was a useful feature of the audit report. Question 5 asked whether the disclosure would have been more useful had it been in absolute dollar terms (the amount was disclosed as a percentage of the audit fee); respondents were essentially indifferent on this issue. This lends support for the format historically favored by the SEC, and should also be gratifying to those who object to disclosing fees in absolute dollars for business reasons.

The overall results relating to nonattest service disclosures indicate that these knowledgeable financial statement users wanted to be informed about the provision of nonattest services by the auditors, and that the information was valuable to their lending decisions. Participants valued readily accessible, detailed information about the independence standards followed by the auditors, and appeared satisfied with the amount of nonattest services being disclosed as a percentage of audit fees.

Auditor independence education. The final item in Exhibit 3 focuses on the value of educating users about the essential role of auditor independence. The accounting profession has always used the audit report as a communication vehicle, and the current three-paragraph unqualified audit report contains information designed to educate readers about the independent audit. The standard audit report does not elaborate on the role of auditor independence. The study tested whether more information would be welcomed by financial statement users.

Question 6 asked two of the groups about the value of the independence education paragraph in their lending decision. The group that received only the education paragraph found the information “moderately useful” to their lending decision (5.00), while the group that received both the consulting services disclosure paragraph and the education paragraph found the latter “not useful” (3.50). Those who found the paragraph moderately useful typically commented that the independence education paragraph called attention to the risk of the auditor not being independent. Others indicated that this led them to trust the independent auditors over management. For the group that received the audit report with both paragraphs, it is possible that these users were already aware that the provision of nonattest services has the potential to impair the independence of auditors, and they were predominately focusing on the disclosure that consulting services had actually been performed by the external auditing firm. Thus, the additional educational paragraph elaborating on the importance of auditor independence could have been viewed as redundant.

These findings suggest that the addition of an independence-education paragraph to the standard audit report would add some value for users, but the utility may diminish when the information is combined with other independence-related disclosures. Further research on this issue is warranted.

Impact of Disclosure on Lending Decisions

As previously noted, participants were asked to specify the appropriate interest rate, collateral, and amount of due diligence they would perform for the commercial loan. They were also asked to stipulate the perceived level of risk associated with the loan. Participants were provided an initial anchor vis-à-vis interest rate, collateral, and due diligence. Responses were analyzed to test whether the added disclosures in the auditor’s report significantly affected decisions related to these items. The differences in the responses from the four groups of subjects were not statistically significant, indicating that the added disclosures did not materially influence user behavior.

Users Want More Disclosure

As state boards of accountancy and other regulatory authorities search for the most appropriate nonattest services regulations, disclosure in the auditor’s report remains a viable middle ground between the current position of the AICPA and the provisions of SOX. The participants in the study strongly indicated that they wanted to be informed when independent auditors also provide nonattest services for an audit client. They also thought that audit reports should inform readers about where they can conveniently locate additional information describing the independence rules being followed by the auditors. These desires are consistent with a broader public-interest emphasis on inculcating a culture of transparency.

While participants indicated a strong desire to be informed when the auditor performs nonattest services, interestingly, and somewhat paradoxically, in a commercial lending application the information did not have a significant influence on their lending decisions. Taken collectively, the research suggests that mandated nonattest service disclosures in the audit report would be favorably received by the large number of individuals who rely on the audited financial statements of nonpublic organizations, but it is unclear exactly how such additional information would affect their decisions. The study does, however, provide strong evidence that these types of disclosures are desired by informed users, warranting further research. Regulators might also consider the results if contemplating potential disclosure requirements.

Terry J. Engle, PhD, CPA, is the Advisory Council Professor of Accounting; Stephanie M. Bryant, PhD, is the Dan R. and Tina P. Johnson Distinguished Professor; and Susan M. Albring, PhD, CPA, is an assistant professor, all at the University of South Florida, Tampa, Fla.

©2009 The New York State Society of CPAs. Legal Notices