Auditors’ Reactions to Sarbanes-Oxley
Observations from the Field

By Nancy T. Hill, John E. McEnroe, and Kevin T. Stevens

E-mail Story Print Story

In The CPA Journal’s special auditing issue, “Innovations in Auditing” (November 2005), we reported the results of a 2003 survey of practitioners’ views of SOX during its initial implementation. Auditors reported that the initial implementation of SOX led to a dramatic increase in their workload. The auditing profession now has several years of firsthand experience at overseeing SOX implementation. The significant financial costs and work hours associated with implementing and auditing SOX for the first time (especially section 404, involving internal control certification) have abated. We thought it would be useful to survey auditors again to assess their views of SOX now that they have more experience with it.

One objective was to determine which aspects of the provision are most and least useful, as well as most and least burdensome. In addition, we believed that it would be helpful for regulators to learn whether auditors find the relatively new PCAOB effective in promulgating auditing standards. We also sought to determine whether the process the PCAOB uses to elicit and implement comments on proposed standards is optimal. Furthermore, we thought that it would be useful for regulators to hear the opinions of auditors in the field as to whether the provisions of SOX should be relaxed for smaller firms. Most important, we believed that it would be illuminating to learn from auditors whether they perceive the benefits of SOX to have outweighed the costs; in particular, whether SOX has engendered greater investor and creditor confidence in financial statements.

The authors surveyed 2,700 CPAs engaged in audit, tax, advisory, and other services, from a list provided by the AICPA. We received 549 responses (a 20% response rate). We were interested in opinions of those actively engaged in auditing rather than those in tax practices or other services, or of those who did not have public clients. Therefore, we deleted 100 responses from nonauditors and 61 responses with incomplete survey data. We also asked respondents to rank the size of their firms by revenue so we could compare the views of CPAs across the auditing spectrum.

The PCAOB

The shift in authority from the AICPA’s Auditing Standards Board (ASB) to the quasigovernmental PCAOB was controversial, and, in general, not well received by the profession. Given the benefit of several years of SOX experience, we sought to discover if auditors’ views have shifted with respect to the PCAOB. We asked the following question: “Has the PCAOB established auditing standards in a satisfactory manner?” We then compared those responses to the question we asked in 2003: “Should the PCAOB establish auditing standards?” (emphasis added).

The results shown in Exhibit 1 indicate that auditors are now marginally supportive of the role of the PCAOB in establishing auditing standards, more so than they were immediately following passage of SOX. Notice that shortly after SOX was implemented, only about one-third of responding auditors believed that the PCAOB should set auditing standards. That view has shifted in favor of the PCAOB: Now slightly more than half of auditors believe that the PCAOB has done a satisfactory job in issuing audit standards.

Even though a slim majority believed the PCAOB has done a satisfactory job in establishing audit standards, the vast majority of auditors reported (see Exhibit 2) that they need much more guidance from the PCAOB in the actual implementation of the standards. Furthermore, auditors expressed dissatisfaction in both the process the PCAOB follows and the weight the PCAOB affords to comments on exposure drafts.

As a result, the authors urge the PCAOB to devote the time and resources necessary to provide detailed guidance on the auditing standards it promulgates. As an example, a colleague observed that she could not recall any auditing standard issued by the ASB that requires as much effort and guidance as does the PCAOB’s original Auditing Standard 2. We recognize that some reactions may reflect dissatisfaction with SOX itself rather than the PCAOB. The auditors’ responses, however, suggest to us that the PCAOB should revise its current procedure for receiving and reviewing comments to exposure drafts.

Prohibited Services

SOX prohibits audit firms from offering certain services to their clients. The survey asked auditors, as it did in 2003, which of the following services the profession believes public accounting auditors should be allowed to provide to their SEC audit clients:

• Bookkeeping
• Financial information system design and implementation
• Appraisal/valuation services
• Actuarial
• Internal audit
• Human resource services
• Broker/investment services
• Legal services.

In general, auditors have become less in favor of allowing firms to offer nonaudit services to their audit clients. Notice, in Exhibit 3, that the percentage of respondents who believe that audit firms should be able to provide the various services listed declined from 2003 to 2006 for the majority of services.

With respect to firm size, the views of auditors in 2006 diverge sharply on only two issues: whether auditing firms should offer bookkeeping services and whether auditing firms should offer information system design services. Exhibit 3 shows that only 8% of auditors from large firms agree that audit firms should be able to provide bookkeeping services, and that only 20% agree that audit firms should provide information system design services. In contrast, 50% of their counterparts in small firms believe that audit firms should be able to provide bookkeeping and information system design services. (For all other questions on prohibited services, the views of auditors do not diverge in any statistically significant manner in accordance with firm size.)

In general, auditors are now more supportive of the restrictions on the services that they can offer to their audit clients than they were in 2003, and only a minority of respondents favored audit firms offering the now-prohibited services.

Auditors’ Comments on SOX

Some respondents’ written comments offer evidence, albeit anecdotal, that the profession remains divided on the benefits of SOX. As the excerpts below indicate, differences in opinion seem to exist in all ranks. It is rare, the authors believe, for the profession to be as deeply divided on an issue as seems to be the case for SOX. These differences of opinions may indicate just how complex and far-reaching the implementation of SOX is. It could be the case that the day-to-day implementation issues at a particular client make it difficult to see the more intangible benefits that SOX may offer to the investing community.

Supporting SOX

Partner, Big Four firm: “The costs of complying with SOX are being blown out of proportion as an excuse to get rid of unwanted oversight. The large majority of internal controls should be in place, regardless of public reporting requirements, to answer that the company is safeguarding its assets properly and that the larger organization is functioning in accordance with senior management’s and the board’s intent. These controls must be independently reviewed or surely over time they will erode and become useless. Hence, the bulk of the cost of a good system of internal control is part of the cost of doing business responsibly and should not be attributed to SOX! Small companies have just as much responsibility to safeguard shareholder assets as do large ones. The rewards to management for good results are huge. The only way to have assurance that those results are real is to have a good system of internal control and a quality audit.”

Director, Big Four firm: “As [SOX] has been implemented and as time passes, processes and procedures should improve as these are aligned with goals and objectives. In addition, management will become more adept in how to comply with the annual compliance component of [SOX].”

Manager, Big Four firm: “The section 302 certification by itself does not provide any benefits. However, some of the best practices that some companies have adopted, such as robust cross-functional disclosure committee meetings and ‘subcertifications’ or built-up representation letters from deeper in the organization, have improved financial reporting quality. The best companies were already doing these things.”

Challenging the Value of SOX

Retired partner, now director of several public companies: “The value of the PCAOB is most questionable. The cost to business of this de facto governmental agency yields little to no benefit to investors. The ASB does as good a job on auditing standards, and the firms already have adequate controls (peer reviews, internal reviews, etc.). My impression is that PCAOB field audits have gone much too far (the staff seems to have a ‘got you’ mentality on informed judgment areas to justify its existence). There has not been one documented case where performing systems work and an audit by the same firm has caused an independence problem. Congress made this change thinking it had a substantive change with the firms; but in reality this was never a problem. Some real value can be achieved when the independent audit firm does internal audit work. We have gone too far here, again without any real effect on independence.”

Manager, Big Four firm: “The only significant benefits to SOX have been to make auditors realize that their clients are the board of directors/shareholders and not management and [to eliminate] independence issues associated with many nonaudit services that were obvious conflicts. The remainder of SOX has resulted in minimal benefit (and possibly a net cost) to the public shareholders. In my experience, SOX has resulted in a lot of meaningless flowcharts, checklists, procedures, etc.”

Staff, midsized firm: “I believe laws were sufficient as previously stated. When people won’t act within current laws, do you really think new laws are the answer? I think not. Swift and sufficient justice is the answer. [It] seems we will go to the greatest lengths to avoid the easier and correct solution.”

Costs and Benefits of Implementation of Section 404

We asked auditors the following series of questions: Have the costs and benefits of implementing and auditing SOX outweighed the benefits? Should there be an exemption from SOX for smaller companies? Has the enactment of SOX led auditors and users of financial statements to have greater confidence in those statements?

Comments in the financial press often decry the costs of implementing SOX and question its benefits. For example, a Wall Street Journal op-ed by U.S. Senator Charles E. Schumer of New York and New York City Mayor Michael R. Bloomberg (November 1, 2006) noted that, “With the benefit of hindsight, [SOX] … needs to be re-examined. Since its passage, auditing expenses for companies doing business in the U.S. have grown far beyond anything Congress had anticipated. … [T]here appears to be a worrisome trend of corporate leaders focusing inordinate time on compliance minutiae rather than innovative strategies for growth.”

The survey asked the auditors their opinions on the costs and benefits of both the initial SOX implementation and ongoing compliance (Exhibit 4). Forty-one percent of respondents agreed that the initial costs were less than the benefits, while 46% believed that the initial costs were greater than the benefits. Given the tremendous strain the initial implementation of SOX put on public accounting firms (and their clients), it is perhaps surprising that auditors were fairly evenly split as to whether the initial implementation costs outweighed the benefits. What may be more surprising is that only 35% of respondents believed that the ongoing costs of SOX were greater than the benefits.

In a similar vein, others are particularly displeased with the burden that complying with SOX imposes on relatively small U.S.-registered firms. In a letter to The Wall Street Journal (February 2, 2006), Professor John L. Chapman noted that “[Former SEC Chairman] Arthur Levitt, Jr., makes the case for expanded Sarbanes-Oxley oversight of small businesses in opposing that law’s Section 404 exemptions for companies below $250 million in revenues, but his logic can best be ascribed to that of a former regulator’s penchant for regulation. His prescription will, alas, have the opposite effect of what he intends.”

Exhibit 5 summarizes the answers to questions related to the size issue. The results indicate mixed feelings as to whether relief from SOX should be available to the very smallest U.S. companies. Respondents are evenly divided as to whether there should be an exclusion for the bottom 1% (by market capitalization) of registered companies. However, opinions change significantly when asked whether the bottom 6% should be excluded. Fewer than 30% agree that there should be an exclusion from SOX, and over half disagree with such an exclusion for the smallest 6% of companies.

Greater Confidence in Financial Statements?

Congress passed SOX, arguably, in response to a lack of confidence of investors and creditors in audited financial statements, caused not only by a perceived or real lack of independence of auditors, but also by a perceived or real lack of internal controls in audited companies.
Interestingly, the survey shows that nearly seven out of 10 auditors agree that investors and creditors should have greater confidence in financial statements because of SOX (see Exhibit 6). This is unequivocally good news. What is sobering, however, is that fewer than half of the auditors surveyed believe that investors and creditors do indeed have greater confidence in financial statements because of SOX.

This, of course, reflects auditors’ perceptions of the views that investors and creditors have of the impact of SOX. It may also be further evidence of the differing views that auditors and the users of financial statements have of what an audit can accomplish, regardless of how independent the auditors are or how strong the internal controls are. As one survey respondent noted, “I think there is an expectations gap here. Even if we get financial reporting 99.9% accurate, that 0.1% will still generate enough headlines and bad press to keep accounting problems in the news.”

SOX’s Value a Matter of Opinion

Our survey results show that the initial dissatisfaction with the role of the PCAOB and the prohibition on services that audit firms can offer to their clients has decreased. However, a wide range of opinions as to the overall merits of SOX (opinions that differ across auditing firms) still exists. The lack of agreement among members of the profession provides further evidence of how monumental a change SOX truly is.

©2009 The New York State Society of CPAs. Legal Notices