PricewaterhouseCoopers LLP has agreed to pay over $7.9 million to settle charges brought by The Securities and Exchange Commission (“SEC”). The SEC charges alleged that PwC, and its partner Brandon Sprankle, had engaged in improper professional conduct on 19 engagements on behalf of 15 audit SEC-registered issuers and violating auditor independence by performing non-audit services during an audit engagement.
PwC agreed to cease and desist from future violations, to be censured, and to pay $3.8 million plus prejudgment interest of $613,842 as well as a civil penalty of $3.5 million.
Prohibited Services Performed
The SEC’s independence rules require external accountants to be independent from their audit clients in both fact and in appearance for the entire engagement period and the period of the financials being audited. The rules prohibit auditors from engaging in employment or direct or indirect material business relationships during the audit engagement.
Specifically, auditors are prohibited from performing services such as bookkeeping, design and implementation of systems that are significant to the client’s financial statements or other financial information systems, appraisal or valuation services, management functions or human resources, and legal or expert services unrelated to the audit. Such services are prohibited to prevent an individual from auditing his or her own work, attesting to the effectiveness of internal controls implemented, or acting as management or an employee of the audit client.
PwC partner Brandon Sprankle designed and implemented a Governance Risk and Compliance (GRC) software for a PwC audit client. He did so despite the client’s then-Head of Internal Audit’s inquiry into whether or not Sprankle was eligible due to independence rules and despite alleged knowledge that doing so would violate PwC’s independence policies.
When instructed by PwC’s Risk Assurance Independence (RAI) group to either stop the work or seek a formal independence consultation, Sprankle instead altered descriptions to mischaracterize the scope of work. PwC ended up managing the project, performing substantial design work, and providing oversight to the implementation, all while in an audit engagement with the client.
Breakdown in systems
PwC additionally failed to comply with Public Company Accounting Oversight Board (PCAOB) Rule 3235, which states that auditors are obligated to describe the scope of work and submit it in writing to the audit committee, discuss the potential effects of the work on auditor independence and document the substance of the independence discussion with the audit committee.
PCAOB standards require auditors to be independent and establish policies and procedures that are suitably designed in relation to the firm’s size, number of offices, and nature and complexity of the firm’s practice.
PwC’s actions demonstrate a breakdown in its systems of quality control in the following instances:
- Failed to provide reasonable assurance that PwC maintained independence from its SEC-registrant audit clients
- Failed to properly categorize audit versus non-audit service work
- Failed to review and monitor non-audit work being performed so that their audit clients could confirm the scope was permissible.
- Failed to properly describe the nature of the audit and non-audit services that were provided
- Failed to monitor on an ongoing basis whether its personnel were complying with independence requirements.
The SEC provides resources to guide auditors and employees on its rules regarding independence. Read the SEC’s Audit Committee and Auditor Independence Brochure.
Implementing Effective Policies and Employee Trainings
Firms must be diligent in implementing their policies and procedures in order to ensure their employees are trained and educated on independence requirements. Jacko Law Group, PC and its team of attorneys may help establish in-person or virtual, annual or quarterly trainings, advise on how and when to effectively notify employees of regulation and policy changes, and inform employees of relevant enforcement actions.
Our team can further establish policies and procedures that will create safeguards and ensure pre-engagement procedures that will provide protections against any auditor independence violations.