P RACTICE

5.1 G ENERAL

5.2.5 Miscellaneous Assurance Services

5 oTHER ENGAGEMENTS, REPoRTS, AND ACCoUNTING SERvICES 77 an audit, or through interim financial reporting. Under existing SEC and PCAoB rules, material weaknesses in ICFR must be publicly reported.

Flaws in control systems that fall below “material” are reported within the company, either to company management or the audit committee—

depending upon the severity of the flaw.

When an independent auditor issues a “clean” opinion on the com- pany’s financial statements, this is a representation to the public that the auditor has followed applicable auditing and related professional standards so as to allow the auditor to conclude with reasonable assur- ance that the financial statements are fairly presented in conformity with GAAP in all material respects. A “clean” audit opinion is not a guarantee of error-free financials, but is rather the conclusion by an auditor—using procedures and professional judgment that are reasonable to the circum- stances—that the statements are fairly presented.

78 F. I. LESSAMBO

(ii) availability⁴; (iii) processing integrity⁵; (iv) confidentiality⁶; and (v) privacy.⁷

Trust Services helps differentiate entities from their competitors by demonstrating to stakeholders that the entities are attuned to the risks posed by their environment and equipped with the controls that address those risks. Therefore, the potential beneficiaries of Trust Services assur- ance reports are consumers, business partners, creditors, bankers and other creditors, regulators, outsourcers, and those using outsourced services, and any other stakeholders who in some way rely on electronic commerce (e-commerce) and IT systems. A variety of factors have com- bined to make trust an issue. Factors such as globalization, the anonym- ity of e-commerce, and an increasing reliance on complex and powerful IT systems have caused concerns among business customers and partners leading to a decline in trust. These issues are addressed with the services provided by practitioners using the Trust Services framework. An impor- tant aspect of both the SysTrust and WebTrust brands is that they are designed to be sufficiently flexible to meet the needs of those entities wanting to be examined.

5.2.5.1 SysTrust Services

The SysTrust service is also comprised of a “family” of assurance services designed for a wide variety of IT-based systems as may be defined by the entity and, upon attainment of an unqualified assurance report, would entitle the entity to display a SysTrust Seal and accompanying auditor’s report. The SysTrust family of branded assurance services includes the following, applied in the context of an entity’s defined system:

a. SysTrust-Systems Reliability. The scope of the assurance engage- ment includes the Security, Availability, Processing Integrity or Confidentiality Principles and Criteria.

b. SoC 3 SysTrust for Service organizations. The scope of the assurance engagement includes one or more combinations of

7 Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with the criteria set forth in Generally Accepted Privacy Principles issued by the AICPA/CICA.

4 The system is available for operation and use as committed or agreed.

5 System processing is complete, accurate, timely, and authorized.

6 Information designated as confidential is protected as committed or agreed.

5 oTHER ENGAGEMENTS, REPoRTS, AND ACCoUNTING SERvICES 79 the Security, Availability, Processing Integrity, Confidentiality or Privacy Principles and Criteria unique to service organizations.

SysTrust responds to this business need by providing suitable criteria and a process that enables a CPA to provide assurance that a system is, in fact, reliable.

5.2.5.2 WebTrust Services

The WebTrust service is actually comprised of a “family” of assurance services designed for e-commerce-based systems and, upon attainment of an unqualified assurance report, would entitle the entity to display a WebTrust Seal and accompanying practitioner’s report on its Web site.

During a WebTrust engagement, the practitioner “audits” a company’s online business practices to verify compliance matters such as privacy, security, availability, confidentiality, consumer redress for complaints, and business practices. WebTrust provides suitable criteria for practitioners as well as a licensing process that enables CPAs to provide assurance on Web sites.

5.2.5.3 ElderCare Services

ElderCare is a service line designed to provide assurance to family mem- bers and the elderly themselves that care goals are achieved for family members who are no longer able to be totally independent. These ser- vices may include financial services such as paying bills, preparing tax returns, and estate work. In addition, a practitioner might coordinate and evaluate the provision of care, or deal with, unusual or unexpected occurrences.⁸

The Committee defines ElderCare Services as a service designed to provide assurance to family members that care goals are achieved for elderly family members no longer able to be totally independent.

ElderCare Services can involve three kinds of services: direct services, assurance services, and consulting services. Direct services entail the more traditional aspects of accounting and financial services. Assurance services involve the measuring and reporting on prescribed goals against stated criteria. Consulting services include planning and evaluation of cli- ent needs.

8 Steven E. Salterio (2000): Expanding Assurance Services: An Update from the Assurance Services Executive Committee, volume 23, No. 3.

80 F. I. LESSAMBO

The wealth controlled by persons over the age of 65 is estimated to be $11 to $13 trillion in 1997. That number has significantly increased since then.⁹

5.2.5.4 Performance View Services

Whether employed during audits or tax engagements, performance measures can have a big effect on your clients’ businesses. With per- formance view services, the auditor is assisting or aiding his or her cli- ents develop an integrated set of financial and nonfinancial performance measures to employ in managing their businesses.

5.3 A

DVISORY

S

ERVICES

The rise of the advisory and consulting services within accounting firms has become a major concern for regulators, both the PCAoB and the SEC. Mr. Harris who presides over both the PCAoB Investor Advisory Group and IFIAR’s Investor and other Stakeholders Working Group Provides a brilliant historical aspect of the long-time conflicts between core auditing and non-audit services as follows¹⁰:

– Starting in the 1950s, the SEC raised concerns about the rise of non-audit services in the largest firms.

– Congress looked into this issue in the 1970s, and while it seriously considered limiting the non-audit services that independent public accountants could provide, no action was taken.

– Congressional investigation continued in the 1980s, with then Chairman of the House Commerce Committee, John Dingell, con- ducting numerous oversight hearings directed principally to audit quality and independence.

– In the late 1990s, in response to an increasingly complex web of business and financial relationships between auditors and their audit clients and the dramatic increase in the revenues from non-audit services to clients, the SEC took action by imposing certain require- ments for auditor independence.

9 Robert K. Elliot and Don M. Pallais (1997): Are You Ready for New Services? Journal of Accountancy, p. 49.

10 Steven B. Harris- PCAoB (Nov 24, 2014): The Rise of Advisory Services in Audit Firms.

5 oTHER ENGAGEMENTS, REPoRTS, AND ACCoUNTING SERvICES 81 – The link between the rise of non-audit services in the 1980s and

1990s to the financial reporting crises preceding the adoption of the Sarbanes-oxley Act in 2002 is somewhat unclear. But, the rise of advisory services is generally considered to have fundamentally changed the culture and tone at the top at the firms and had firm leaders focusing more on offering broader services to audit clients.

Addressing these concerns, Section 201 of the Sarbanes-oxley Act enu- merates a number of prohibited non-audit services by auditors to audit clients and charged Board’s independent audit committees with carefully monitoring these activities. Section 201 of the Sarbanes-oxley Act pro- hibits the following services:

1. Bookkeeping or other services related to the accounting records or financial statements of the audit client;

2. Financial information systems design and implementation;

3. Appraisal or valuation services, fairness opinions, or contribu- tion-in-kind reports;

4. Actuarial services; (5) internal audit outsourcing services;

5. Management functions or human resources;

6. Broker or dealer, investment adviser, or investment banking services;

7. Legal services and expert services unrelated to the audit; and

8. Any other service that the Board determines, by regulation, is impermissible.

Stop and Go

Following the passage of the Sarbanes-oxley Act, three of the four major firms divested their advisory and consulting practices. Since then, how- ever, each of these firms has rebuilt these practices.¹¹ A few examples of the many advisory and consulting services some of the largest firms now provide their non-audit clients include, but are certainly not limited to, enterprise strategy, marketing and sales, corporate finance, mergers and acquisitions, government consulting, legal services, immigration, and a wide variety of risk management services, including financial, insurance, and IT risk management, cybersecurity, human resources transformations

11 Steven B. Harris- PCAoB (Nov 24, 2014): The Rise of Advisory Services in Audit Firms.

82 F. I. LESSAMBO

… and the list goes on. In fact, a Big Four firm’s foreign affiliate announced in March its ambitions to become a global top 20 legal ser- vices player within the next five years.

Today, the advisory practices for the firms are growing much faster than the other service lines:

– At the four major global audit firms accounted for $51 billion in revenue in 2009 and $65 billion in 2013—a rise of $14 billion, or 27%, in four years. Contrast that with audit revenues, which only grew by $3 billion in those same four years. In 2013, revenues from non-audit services represented 57% of the global revenues at those firms.

– Domestically, advisory services alone represent 39% of total reve- nues across the major US firms, now larger than audit’s 36% share.

Since 2011, advisory services’ prominence has risen while audit’s has declined. To provide some perspective, audit revenues repre- sented 70% of the firms’ total revenues in 1977, 34% in 1998, and about 30% in 2000.

– Revenues for non-audit services have grown at an average rate of about 10% in recent years, while revenues for assurance services have grown at a modest 4%. Further, based on proxy statement fee disclosures, public company audit fees have been stagnant, so the growth in assurance revenue is coming from risk services or from audits in the nonpublic sectors.

• Risk Advisory Services

Risk Advisory Services provide the CPA with:

a. A common language and framework for understanding and com- municating risk management issues; and

b. A series of practice guides describing tools, techniques, and train- ing that support the risk management process.

The performance of these types of assurance services may or may not be subject to the attestation standards, depending on how an engagement is developed and performed. The attestation standards apply whenever a CPA is engaged to issue or does issue an examination, review, or agreed- upon procedures report on subject matter (or an assertion about the

5 oTHER ENGAGEMENTS, REPoRTS, AND ACCoUNTING SERvICES 83 subject matter) that is the responsibility of another party. This definition is engagement-oriented and, therefore, the CPA must take care to define the nature of the services to be provided and whether they are intended to provide assurance.

• Potential threats to auditors’ independence

A concern is that there may be greater risk of independence violations.

This stems from two possibilities—insufficient monitoring of various ser- vices provided to audit clients and permissible tax consulting work that may cross the line. Investors’ concerns stem from continued independ- ence violations. For example, in 2014 the SEC concluded enforcement actions against several large accounting firms and individual audit part- ners relating to auditor independence matters. And I would think that these enforcement matters would be of considerable concern to board directors, audit committees and their counsel alike.

Audit firms have said that the acquisition and ownership of non-au- dit expertise benefits and supports audit expertise. He said those benefits need to be continually reexamined by firms and articulated.¹²

5.4 N

ON

-

ASSURANCE

S

ERVICES

A common characteristic of these non-assurance services is that the pro- fessional accountant’s services are designed to provide technical skills, education, observations, experiences, and knowledge to subject mat- ter for the direct use and benefit of the client. The services considered necessary are generally determined by agreement between the client and the practitioner, and the outcome of the work is not designed to provide any level of assurance to parties outside the client or responsible party.

Examples of professional services typically provided by practitioners that would not be considered an attestation engagement include:

• Management consulting engagements whereby the practitioner pro- vides advice or recommendations to a client;

• Engagements to advocate a client’s position (e.g., tax matters being reviewed by the Internal Revenue Service);

12 Ben Tysiac (Dec 9, 2013): Effects of Non-audit Services at Audit Firms Concern PCAoB, SEC Journal of Accountancy.

84 F. I. LESSAMBO

• Tax engagements involving the preparation of tax returns or provid- ing tax advice;

• Compilations or reviews of financial statements;

• Engagements in which the practitioner’s role is solely to assist the client (e.g., acting as the company’s accountant in preparing infor- mation other than financial statements);

• Engagements to testify as an expert witness in accounting, auditing, taxation, or other matters; and

• Engagements to provide an expert opinion on certain points of principle, such as the application of tax laws or accounting stand- ards, given certain stipulated facts provided by another party as long as the expert opinion does not express a conclusion about the relia- bility of the facts provided by another party.