Richard Thompson Ainsworth Tax Counsel, Taxware Taxware

This article examines audit, non-audit and prohibited transaction tax services. A concluding hypothetical example examines how the audit committee’s approval process will (a) select the independent auditor and (b) determine which non-audit tax services the auditor will perform. SOX is applicable across financial specialties and across the globe. It regulates all companies that list shares on US exchanges.

Preferred third party providers of transaction tax services⁸ will be independent of the major accounting firms. In particular, they will have no research or consulting affiliations with the independent auditor of their clients. Additionally, providers will be preferred when they offer technology-intensive solutions that have deep internal control accountability and the ability to expand globally with client needs.

The Global Scope of SOX

SOX is global because confidence in US financial markets cannot be restored when public firms maintain Enron-like relationships with accounting firms outside the US.⁹ SOX impacts both domestic and foreign issuers,¹⁰ as well as domestic and foreign auditors.¹¹

Initially Foreign accounting organisations protested. The most vocal were the Institute of Chartered Accountants in England and Wales,¹² the Institut der Wirtschaftsprufer,¹³ the Fédération des Experts Comptables Européens.¹⁴ Fritz Bolkestein, the EU Financial Services Commissioner was also threatening retaliation. Although he initially suggested that US firms would be placed under new regulatory controls in each of the 25 EU countries if EU firms were not exempted from SOX,¹⁵ He has now suggested wide ranging changes in EU law with the proposal of a new SOX-like Directive that would apply to all public accounting firms throughout the EU. This proposal was announced March 16th, 2004,¹⁶ and will be the subject of a further article in this series in the International Tax Review.

Operative Assumptions

Economic, not legal principles control the allocation of non-audit services under SOX. Congress saw a dysfunctional market place in non-audit service. Independent auditors, under pressures to maximize profits, had compromised their independence and monopolized the market.

Senator Sarbanes spelled out standards during Senate floor debates.¹⁷ The SEC emphasized his “simple principles” in final regulations:

… the principles of independence with respect to services provided by auditors are largely predicated on three basic principles, violations of which would impair the auditor's independence:
  (1) an auditor cannot function in the role of management,
  (2) an auditor cannot audit his or her own work, and
  (3) an auditor cannot serve in an advocacy role for his or her own client.¹⁸

SOX applies these principles to three categories of services: audit, non-audit and prohibited services. A further distinction is made between “pre-approved” and “non-approved” services. Thus, there are three critical distinctions: (1) audit versus non-audit services, (2) pre-approved versus non-approved non-audit services, and (3) non-audit services versus prohibited services. The analysis required at each point is not the same. This can be presented graphically as:

1		3
Audit Services Non-audit Services Prohibited Services
“pre-approved”		“non-approved”
2

Simply stated, SOX requires all audit services be pre-approved, along with some of the non-audit services.¹⁹ Likewise, all prohibited services are off limits for the firm’s auditor, along with unapproved non-audit services.

An Economic Approach to Regulation

At either extreme the position is clear cut and well defined, but a considerable grey area remains in between. The PCAOB defines an audit (decision point 1). The SEC defines prohibited services (decision point 3). However, less specific, economic-based rules control the area between them – the area of non-audit services. The audit committee makes distinctions here without clear cut distinctions.²⁰ These are market-driven decisions, and they are typical of US security regulation. ²¹

A conservative approach is expected at decision points 1 and 2. Audit committees are expected to “play it safe.” Questionable audit services will be considered “non-audit” rather than being approved as part of the audit.²² Similarly, if a service appears to fall with a prohibited service, audit committee will not classify it “non-audit.” ²³

The expansion of crimes, penalties and civil liability compels conservatism. SOX introduces seven new crimes: (1) an expanded definition of securities fraud;²⁴ changes to and expansion of obstruction of justice in areas of (2) document destruction,²⁵ (3) tampering,²⁶ or (4) inducing others to do the same;²⁷ (5) retaliation against informants and whistleblowers is a crime;²⁸ (6) attempts and conspiracies to commit these crimes are criminalized;²⁹ (7) false certification under sections 302 and 404 is criminalized.³⁰

Individual and corporate penalties are expanded. If material non-compliance with SOX results in a restatement of financial statements, senior management may have to return bonuses.³¹ Provisions require the disgorgement of funds.³² Violators can be barred from future public company service.³³ Fines are increased,³⁴ sentences increased.³⁵ Sentencing guidelines have been changed.³⁶

Civil liability is significantly increased. Violating SOX is a violation of the Securities Exchange Act of 1934,³⁷ and opening the door for 10b-5 shareholder suits. Material misrepresentation assertions will be accompanied by assertions of inadequate disclosure controls.

Audit Services & Prohibited Services

The First Extreme: Audit Service SOX, SEC and PCAOB Rules

What is an audit? Section 2(a) (2) of SOX provides:

The term “audit” means an examination of the financial statements of any issuer by an independent public accounting firm in accordance with the rules of the Board or the Commission … for the purpose of expressing an opinion on such statements.

The SEC considers this definition briefly.³⁸ The final regulations on “Standards Relating to Listed Company Audit Committees” states:

[T]his category [audit services] includes services that normally would be provided by the accountant in connection with statutory and regulatory filings and engagements. In addition to services necessary to perform an audit or review in accordance with Generally Accepted Auditing Standards (“GAAS”) this category may also include services that generally only the independent accountant can normally provide, such as comfort letters, statutory audits, attest services, consents and assistance with and review of documents filed with the Commission.³⁹

The SEC cross-references to “audit fee” regulations.⁴⁰ It states that, “… ‘audit, review or attest’ services … [are] the same services covered in the ‘Audit Fees’ category in an issuer’s disclosure of fees paid to its independent public accountants.”⁴¹ Those regulations stated:

Audit Fees, [are] the aggregate fees billed for each of the last two fiscal years for professional services rendered by the principal accountant for the audit of the registrant’s annual financial statements and review of financial statements including the registrant’s Form 10-Q or 10-QSB or services that are normally provided by the accountant in connection with statutory and regulatory filings or engagements for those fiscal years.⁴²

On October 7, 2003 the PCAOB issued auditing standards that defined an audit.⁴³ In the 63-page standard the PCAOB adopts a broader definition of audit than GAAS. A SOX audit is “an integrated audit of the financial statements and internal control over financial reporting.”⁴⁴ The PCAOB states:

An audit of internal control over financial reporting is an extensive process involving several steps. It is integrated with the audit of the financial statements. Under the proposed auditing standard, these steps would include: planning the audit; evaluating the process management used to perform its assessment of internal control effectiveness; obtaining an understanding of the internal control; evaluating the effectiveness of both the design and operation of the internal control; and forming an opinion about whether internal control over financial reporting is effective.⁴⁵

Audit and Non-audit Tax Services

Tax services will appear on both sides of the audit/ non-audit services line (decision point 1 in the diagram above). Tax services are part of the audit.

For example, in some situations, a tax partner may be involved in reviewing the tax accrual that appears in the company’s financial statements. Since that is a necessary part of the audit process, that activity constitutes an audit service. … the activity constitutes an audit service since it is a necessary procedure used by the accountant in reaching an opinion on the financial statements.⁴⁶

Tax services are also non-audit services. The auditor may perform them only if “pre-approved.” Fees must be itemized and disclosed. The SEC describes “non-audit” tax services as follows:

The tax fees category would capture all services performed by professional staff in the independent accountant’s tax division except those services related to the audit as discussed previously. Typically, it would include fees for tax compliance, tax planning, and tax advice. Tax compliance generally involves preparation of original and amended returns, claims for refund and tax-payment planning services. Tax planning and tax advice encompass a diverse range of services, including assistance with tax audits and appeals, tax advice related to mergers and acquisitions, employee benefit plans and requests for rulings or technical advice from taxing authorities.⁴⁷

Whether specific non-audit tax services should be pre-approved involves case-by-case analysis by the audit committee. “Efficiency and investor protection” is the standard applied.

The Second Extreme: Prohibited Services SOX, and SEC Rules

SOX and the SEC, not the PCAOB, defines prohibited services. Section 201(a) of SOX adds to section 10A of the SEC Act of 1934 the following language.

[I]t shall be unlawful for a registered public accounting firm … that performs for any issuer any audit required by this title … to provide to that issuer, contemporaneously with the audit, any non-audit service, including --
bookkeeping or other services related to the accounting records or financial statements of the audit client;
financial information systems design and implementation;
appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
actuarial services;
internal audit outsourcing services;
management functions or human resources;
broker or dealer, investment adviser, or investment banking services;
legal services and expert services unrelated to the audit; and
any other service that the Board determines, by regulation, is impermissible.
… A registered public accounting firm may engage in any non-audit services, including tax services, that is not described in any of the paragraphs (1) through (9) for an audit client, only if the activity is approved in advance by the audit committee of the issuer, …"

Tax services straddle the line between prohibited and non-audit services (decision point 3 in the diagram above).
Test by Analogy

“[A] registered public accounting firm may engage in any non-audit services, including tax services, …” However, tax services must not be “…described in any of the paragraphs (1) through (9) for an audit client…” Analogical reasoning determines if a particular tax service is prohibited.

The SEC demonstrates this approach when it discusses the legal services prohibition. The SEC states:

[M]erely labeling a service as a 'tax service' will not necessarily eliminate its potential to impair independence under Rule 2-01(b). Audit committees and accountants should understand that providing certain tax services to an audit client would, as described below, or could, in certain circumstances, impair the independence of the accountant. Specifically, accountants would impair their independence by representing an audit client before tax court, district court or federal court of claims.⁴⁸

Example

X Corporation is a public, NYSE company subject to Sarbanes-Oxley. X is subject to sales and use, VAT and GST taxes in over 7,000 world-wide.

CPA-1, CPA-2, CPA-3 and CPA-4 provide global auditing services. Tentatively, CPA-1 is X’s auditor. The audit committee is considering eight non-audit transaction tax services that CPA-1 wants to provide.

1. Global Transaction Tax Software. CPA-1; CPA-2; Software-1; Software-2; Software-3 offer this software. CPA-1, CPA-2, and Software-1 do their own research. VAT research has been outsourced by Software-2 to CPA-1, and by Software-3 to an international law firm.
2. Installation and Integration Services. CPA-1, CPA-2, CPA-3, and CPA-4 install and integrate all software. Software-1 does this for its own product.
3. Mapping Services. All providers offer mapping services. Software firms offer this only for their own product.
4. Transaction Tax Return Preparation/ Reporting Services. CPA-1, and Software-1 offer fully automated services. CPA-2 is partly manual. CPA-3 and CPA-4 are fully manual.
5. Government Transaction Tax Audit/ Compliance Services. CPA-1, CPA-2, CPA-3, and CPA-4 provide global audit support. Software-1 offers limited, remote services.
6. Transaction Tax Litigation and Advocacy Services. Provided by CPA-1, CPA-2, CPA-3, CPA-4, and the law firm.
7. Transaction Tax Planning Services. Everyone except Software-2 provides these services.
8. Historical Transaction Tax Assessment Services. All providers check historical transaction tax records for accuracy.

Decision #1:
Auditor—No Prohibited Services

X cannot both install CPA-1’s transaction tax software and retain CPA-1 as the auditor. The software performs a prohibited bookkeeping and internal audit function. Installation and implementation of a financial information system is also prohibited. Software-1 is the best choice for transaction tax software, because it does its own research, installation and integration.

Decision #2:
“Approved” Non-Audit Services

Mapping services. Requiring detailed knowledge of two data bases, internal product skew numbers, and software product codes, the tax department and Software-1 would have mapping knowledge. CPA-1 would not pass the “efficiency and investor protection” standard.

Return Preparation/ Reporting Services. Automated return preparation and reporting system are preferable. Automation allows superior internal control. Software-1 would perform this function seamlessly.

Government Audit/ Compliance Services. CPA-1 can offer significant efficiencies over competitors. They have unique knowledge of X’s structure and tax position. CPA-1 must not become an advocate. The same analysis would apply to the Historical Transaction Tax Assessment Services.

Transaction Tax Litigation and Advocacy Services. Advocacy is a prohibited activity the auditor cannot perform. X will loose flexibility on who could be its auditor in the future if it does not select the law firm.

Transaction Tax Planning Services. To avoid auditing its own work the auditor should not be pre-approved. X will loose flexibility on who could be its auditor in the future if it does not select the law firm.

Conclusion

When applying SOX requirements to the provision of tax services the audit committee concerns itself with three distinct decisions: distinguishing (1) audit and non-audit services, (2) pre-approved and non-approved non-audit services, and (3) non-audit and prohibited services.

Distinguishing between audit and non-audit tax services, the audit committee asks: Is this, “… a necessary procedure used by the accountant in reaching an opinion on the financial statements … [or is it] a necessary procedure used by the accountant in reaching an opinion on the internal controls over financial reporting?”

Distinguishing between non-audit and prohibited tax services, the audit committee reasons by analogy to eight specifically prohibited services in section 201(a).

Distinguishing between pre-approved and non-approved non-audit tax services the audit committee applies an “efficiencies and investor protection” test. In doing so the audit committee invigorates centers of professional expertise that had previously been pushed out of the non-audit tax services market by the dominant position of the independent auditor. By applying an economic, marketplace standard SOX intends to restore a healthy competition among the tax department, the auditor, and various third party providers (law firms, technology firms and other accounting firms).

The great SOX challenge is in the grey areas, distinguishing between approved and non-approved tax services. Anticipating how SOX will evolve is a difficult assignment as the regulations continue to be proposed by the SEC and PCAOB. Direct SOX litigation is non-existent. However a glimpse of future enforcement actions can be gleaned from sanctions imposed on Ernst & Young on a pre-SOX auditor independence case. On April 16, 2004 the SEC required Ernst & Young to “pay disgorgement” of $1,686,500 and barred the firm from accepting new audit clients for six months because of a violation of SEC Rule 102(e). The Chief Administrative Judge, Brenda Murray, was careful to note in her decision that “As a result of the Sarbanes-Oxley Act of 2002, Rule 102(e) was codified in Section 4C of the Exchange Act.⁴⁹”

Many countries are watching developments in the US, not the least of which are the countries in the EU where new European Union legislation is being drawn up in the form of a Directive on statutory audits.⁵⁰ A comparison of SOX and the new Directive will be the topic of the next in this series of articles on regulation of auditing profession.

¹http://www.law.uc.edu/CCL/Soact/soact.pfd
²SOX treats tax as a suspect function. Only tax services must be separately itemized along with auditor fees. (See: U.S. SEC, RIN 3235-AI73 “Strengthening the Commission’s Requirements Regarding Auditor Independence” (January 28, 2003, release date; May 6, 2003, effective date); www.sec.gov/rules/final/33-8183.htm). Each of the highly publicized security scandals involved either the tax positions taken by the companies or the determination of tax reserves. See: (1) Enron: Peter Behr and April Witt, Visionary’s Dream Led to Risky Business: Opaque Deals, Accounting Sleight of Hand Built an Energy Giant and Ensured Its Demise, Washington Post, July 28, 2002, at A-1; (2) Tyco: Mark Maremount and Laurie P. Cohen, New York Prosecutors Seek Auditor Link in Tyco Probe, WSJ Europe, September 30, 2002, at A-1; (3) WorldCom: Carrie Johnson and Ben White, WorldCom Arrests Made: Two Former Executives Charged with Hiding Expenses, Washington Post, August 2, 2002, at A-1.
³Established under Title I, the PCAOB monitors auditing, quality control, ethics, independence and other reporting standards. It will conduct inspections, investigations and disciplinary proceedings. Section 106 (a) extends authority to non-US public accounting firms. The PCAOB has released rules on oversight of non-US firms. (Release number 2003-024; www.pcaobus.org/pcaob_rulemaking.asp).
⁴See for example: Wardell, Thomas, International Accounting Standards in the Wake of Enron: The Current State of Play under the Sarbanes-Oxley Act of 2002, 28 NCJILCR 935 (Summer, 2003); The Good the Bad and Their Corporate Code of Ethics: Enron, Sarbanes-Oxley, and the Problems with Legislating Good Behavior, 116 HLR 2123 (May, 2003).
⁵See: Kim, Brian. Recent Development: Sarbanes-Oxley Act, 40 HJL 235 (Winter, 2003).
⁶Senator Carl Levin quantified the financial dynamics on the floor of the US Senate. (148 Cong. Rec. S6563; daily edition, July 10, 2002). In 1999 50% of revenues at the Big Five accounting firms came from consulting services, only 34% came from auditing. By 2002, almost 75% of fees came from non-audit services. The evidence indicated, according to Senator Levin, that the accounting firms were lowering audit fees to secure lucrative consulting contracts.
⁷SEC RIN 3235-AI73 at www.sec.gov/rules/final/33-8183.htm.
⁸Given the financial size of the tax planning, tax shelter and transfer pricing consultancies, it is not surprising that most SOX discussions focus on income tax issues. However the audit committee’s analytical process is the same in income tax or transaction tax settings, and perhaps can be seen more clearly at a distance from the income tax.
⁹See: Benov, Matthew M. The Equivalence Test and Sarbanes-Oxley: Accommodating Foreign Private Issuers and Maintaining the Vitality of U.S. Markets, 16 Transnational Lawyer 439 (Spring, 2003); Weiss, Harry J. Impact of Sarbanes-Oxley Act on Non-U. S. Companies Whose Shares are Traded in the United States Markets, 1336 PLI 303 (October 9, 2002); Taneda, Kenji. Sarbanes-Oxley, Foreign Issuers and United States Securities Regulation, 2003 CBLR 715; Stuart, David M. and Harles F. Wright. The Sarbanes-Oxley Act: Advancing the SEC’s Ability to Obtain Foreign Audit Documentation in Accounting Fraud Investigations, 2002 CBLR, 749.
¹⁰See: Section 302, concerning quarterly “disclosure controls and procedures” by CEO and CFO’s, (extended to foreign issuers). (U.S. Securities and Exchange Commission, RIN 3235-AI54 “Certification of Disclosure in Companies’ Quarterly and Annual Reports” (August 28, 2002, release date; August 29, 2003, effective date); www.sec.gov/rules/final/33-8124.htm). Similarly, Section 404, which concerns “internal controls over financial reporting” by CEO’s and CFO’s (extended to foreign issuers). (U.S. Securities and Exchange Commission, RIN 3235-AI66 “Management’s Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports” (June 5, 2003, release date; August 14, 2003, effective date); www.sec.gov/rules/final/33-8238.htm).
¹¹Section 106(a) subjects foreign accounting firms to the act, section 104(a) requires the PCAOB to conduct a continuing program of inspections over all accounting firms that file reports with the Commission, and Section 802 imposes penalties for violations. See: PCAOB Release number 2003-024. “Proposed Rule on Oversight on Non-U. S. Firms.” (December 10, 2003) at www.pcaobus.org/pcaob_rulemaking.asp).
¹²See: Letters of Peter Wyman, President of the Institute of Chartered Accountants in England and Wales, to the SEC on December 24, 2002 at www.sec.gov/rules/proposed/s74902/pwyman1.htm and January 10, 2003 at www.sec.gov/rules/proposed/s74902/pwyman2.htm.
¹³See: Letter of Dr. Veidt and Professor Naumann, from the Institut der Wirtschaftspr¸fer on December 27, 2002 at www.sec.gov/rules/proposed/s74902/veidt1.htm.
¹⁴See: Letters of David Devlin, President of the FÈdÈration des Experts Comptables EuropÈens to the SEC on January 13, 2003 at www.sec.gov/rules/proposed/s74902/ddevlin1.htm.
¹⁵U.S. and E.U. Face Off Over Sarbanes-Oxley Regulation, AccountingWEB.com (June 18, 2003) at www.accountingweb.com/cgi-bin/item.cgi?id=97712
¹⁶http://europa.eu.int/comm/internal_market/auditing/docs/com-2004-177/com2004-177_en.pdf.
¹⁷Senate Report 107-205, 107th Cong., 2d Sess., July 3, 2002.
¹⁸SEC RIN 3235-AI73 at www.sec.gov/rules/final/33-8183.htm
¹⁹Section 202. “[T]he audit committee [must] pre-approve the services – both audit and permitted non-audit – of the accounting firm.” SEC RIN 3235-AI73 at II (D); www.sec.gov/rules/final/33-8183.htm).
²⁰Some argue for bright line tests in this area. Durst, Michael C. & Thomas H. Gibson. “Audit” vs. Non-Audit” Tax Services under Sarbanes-Oxley. The Tax Executive (November-December, 2003) 474-477; Letter of Robert T. Bossart, retired Tax Partner from Arthur Andersen, to the SEC on January 2, 2003 at www.sec.gov/rules/proposed/s74902/rtbossart1.htm; and the letter of Philip A. Laskewy, retired chairman of Ernst & Young to the SEC who asks for “absolute clarity as to which non-audit services are prohibited, and which are permitted subject to audit committee pre-approval.” www.sec.gov/rules/proposed/s74902/palaskawy1.htm.
²¹The letter of the ABA Sarbanes-Oxley Task Force to the SEC on January 6, 2003 argues against a “blanket exemption of tax services from prohibitions of the Act,” but also argues that “a simple requirement of audit committee pre-approval of tax services would [not] provide sufficient protection to the investing public.” The ABA requested that the SEC “identify in advance the types of tax services that involve a sufficient risk to auditor independence under the three basic principles, and to subject the audit firm and the registrant to sanctions of the Act if any are performed by the audit firm.” www.sec.gov/rules/proposed/s74902/hnbeller1.htm;
²²Incorrectly classifying “non-audit” services as “audit” services may constitute a failure in audit committee pre-approval obligations, and a misrepresentation of fees for non-audit tax services. This violation of SOX, and the SEA of 1934, may come under section 202’s de minimus exception which allows up to a 5% error rate based on total revenues paid to the auditor.
²³An auditor performing a prohibited service has no benefit of a de minimus rule. The violation of SOX is immediate. Section 3 makes this a violation of the SEA 1934. Penalties apply for the auditor, the company, and the CEO and CFO, if certified SEC reports containing the violation.
²⁴SOX section 807. Under section 803 these debts are not dischargeable in bankruptcy.
²⁵SOX section 802.
²⁶SOX section 802.
²⁷SOX section 1102.
²⁸SOX section 1107 and 806
²⁹SOX section 902.
³⁰SOX section 906. A knowing violation of the certification provisions carries up to a $1,000,000 fine, 10 years imprisonment, or both. Willful violations carry up to a $5,000,000 fine, 20 years imprisonment, or both.
³¹SOX section 304.
³²SOX section 308.
³³SOX section 1105.
³⁴SOX section 804.
³⁵SOX section 1106.
³⁶SOX section 1106.
³⁷SEA 1934, 15 U.S.C. Sections 78 et seq.
³⁸Brevity reflects an SEC policy that defining the scope of audit belong to the PCAOB. Pursuant to Section 107, proposed PCAOB rules require SEC approval.
³⁹U.S. Securities and Exchange Commission, RIN 3235-AI75, “Final Rule: Standards Relating to Listed Company Audit Committees” (April 9, 2003 release date; April 25, 2003, effective date) at Section II (B) (1). Also: SEC RIN 3235-AI73 at II (D); www.sec.gov/rules/final/33-8183.htm.
⁴⁰SEC RIN 3235-AI73 at www.sec.gov/rules/final/33-8183.htm
⁴¹SEC RIN 3235-AI73 at Section II (B) (1); www.sec.gov/rules/final/33-8220.htm).
⁴²17 CFR 240.14a-101, Item 9 (e) (1). See also: SEC RIN 3235-AI73 at www.sec.gov/rules/final/33-8183.htm
⁴³PCAOB Release number 2003-017. “Proposed Auditing Standard – An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements.” (October 7, 2003); www.pcaobus.org/pcaob_rulemaking.asp.
⁴⁴PCAOB Release number 2003-017 at pages A-8 through A-10; www.pcaobus.org/pcaob_rulemaking.asp.
⁴⁵PCAOB Release number 2003-017, at page 6; www.pcaobus.org/pcaob_rulemaking.asp.
⁴⁶SEC RIN 3235-AI73 at II (D); www.sec.gov/rules/final/33-8183.htm.
⁴⁷SEC RIN 3235-AI73 at II (H); www.sec.gov/rules/final/33-8183.htm.
⁴⁸SEC RIN 3235-AI73 at II (B) (10). www.sec.gov/rules/final/33-8183.htm.
⁴⁹In the Matter of Ernst & Young Initial Decision Release No. 249 (April 16, 2004), at 56. http://www.sec.gov/litigation/aljdec/id249bpm.htm
⁵⁰http://europa.eu.int/comm/internal_market/auditing/docs/com-2004-177/com2004-177_en.pdf