On February 29, the Securities and Exchange Commission (the SEC) announced that it settled an administrative proceeding against Lordstown Motors Corps’ former auditor, Clark Schaefer Hackett and Co. (CSH)—the same day that the SEC also announced charges against Lordstown for misleading investors about the sales prospects of its flagship electric pickup truck, the Endurance.

Among other findings, the SEC found that CSH violated Rule 2-01 of Regulation S-X (the Rule) by providing prohibited non-audit services to Lordstown while also engaged in auditing Lordstown’s financial statements (which were then used in connection with Lordstown’s registration statements and periodic reports filed with the SEC). Without admitting or denying the SEC’s findings, CSH agreed to a censure, a cease-and-desist order, the payment of more than $80,000 in civil penalties, disgorgement and interest, and certain undertakings to improve its policies and procedures.

These developments serve as a reminder that the SEC is focused on enforcing the auditor independence rules and regulations adopted in the wake of the Sarbanes-Oxley Act of 2002 (SOX Act). To assist public companies and their audit committees in their ongoing compliance efforts, we discuss the Rule in more detail below. We also present a few best practices for compliance with the Rule.

Pre-Approval Policies and Procedures

Under the Rule, before an independent auditor is engaged by a public company to perform audit services or permitted non-audit services (see below for a list of prohibited non-audit services), the engagement must be approved by the company’s audit committee or entered into pursuant to the pre-approval policies and procedures established by the audit committee. Having the audit committee (or one or more of its members with delegated authority, as is allowed under the Rule) pre-approve every auditor engagement can be cumbersome, so most audit committees have established pre-approval policies and procedures.

The Rule requires the following if an audit committee relies on pre-approval policies and procedures:

  1. The policies and procedures must be detailed as to the particular service.
  2. The audit committee must be informed on a timely basis of each service.
  3. The policies and procedures may not include the delegation of audit committee responsibilities to management.

Public companies must also disclose their pre-approval policies and procedures in their 10-Ks and proxy statements.

As to the level of detail required in a public company’s pre-approval policy, the SEC has stated that the determination of the appropriate level of detail will differ depending upon the facts and circumstances of the issuer. However, a key requirement is that the policies cannot result in a delegation of the audit committee’s responsibility to management. As such, if a member of management is required to judge whether a proposed service fits within the pre-approved services, then the pre-approval policy would not be sufficiently detailed as to the particular services to be provided. Similarly, pre-approval policies must be designed such that the audit committee knows what services it is being asked to pre-approve so that it can make a well-reasoned assessment of the impact of the service on the auditor’s independence. For example, if the audit committee is presented with a schedule or cover sheet describing services to be pre-approved, that schedule or cover sheet must be accompanied by detailed backup documentation regarding the specific services to be provided. Pre-approval policies and procedures also cannot provide for broad, categorical approvals (e.g., tax compliance services), nor can monetary limits be the sole basis for the pre-approval policies and procedures.

Notwithstanding the foregoing, pre-approval is not required for permitted non-audit services if:

  1. All such services do not aggregate to more than 5% of total revenues paid by the company to its auditor in the fiscal year when services are provided.
  2. The services were not recognized as non-audit services at the time of the engagement.
  3. The services are promptly brought to the attention of the audit committee and approved prior to the completion of the audit by the audit committee.

Prohibited Non-Audit Services

Under the Rule, an auditor is not independent if, at any point during the audit and professional engagement period, the auditor provides the below-described non-audit services to a public company audit client. These services are prohibited because they would result in the auditor auditing its own work, thereby compromising its independence.

  1. Bookkeeping. Bookkeeping or other services related to the company’s accounting records or financial statements (unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the company’s financial statements), including any of the following:
    • Maintaining or preparing the company’s accounting record.
    • Preparing the company’s financial statements that are filed with the SEC or that form the basis of financial statements filed with the SEC.
    • Preparing or originating source data underlying the company’s financial statements.
  2. Financial Information Systems Design and Implementation. Designing and implementing financial information systems (unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the company’s financial statements), including either of the following:
    • Directly or indirectly operating, or supervising the operation of, the company’s information system or managing its local area network.
    • Designing or implementing a hardware or software system that aggregates source data underlying the financial statements or generates information that is significant to the company’s financial statements or other financial information systems taken as a whole.
  3. Appraisal or Valuation Services, Fairness Opinions, or Contribution-In-Kind Reports. Any appraisal service, valuation service, or any service involving a fairness opinion or contribution-in-kind report for the company, unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the company’s financial statements.
  4. Actuarial Services. Any actuarially-oriented advisory service involving the determination of amounts recorded in the financial statements and related accounts for the company other than assisting the company in understanding the methods, models, assumptions, and inputs used in computing an amount, unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the company’s financial statements.
  5. Internal Audit Outsourcing Services. Any internal audit service that has been outsourced by the company that relates to the company’s internal accounting controls, financial systems, or financial statements, unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the company’s financial statements.
  6. Management Functions. Acting, temporarily or permanently, as a director, officer, or employee of the company or performing any decision-making, supervisory, or ongoing monitoring function for the company.
  7. Human Resources.
    Any of the following:
    • Searching for or seeking out prospective candidates for managerial, executive, or director positions.
    • Engaging in psychological testing or other formal testing or evaluation programs.
    • Undertaking reference checks of prospective candidates for an executive or director position.
    • Acting as a negotiator on the company’s behalf, such as determining position, status or title, compensation, fringe benefits, or other conditions of employment.
    • Recommending or advising the company to hire a specific candidate for a specific job (except that an accounting firm may, upon request by the company, interview candidates and advise the company on the candidate’s competence for financial accounting, administrative, or control positions).
  8. Broker-Dealer, Investment Adviser, or Investment Banking Services. Acting as a broker-dealer (registered or unregistered), promoter, or underwriter on behalf of the company; making investment decisions on behalf of the company or otherwise having discretionary authority over the company’s investments; executing a transaction to buy or sell the company’s investment; or having custody of assets of the company, such as taking temporary possession of securities purchased by the company.
  9. Legal Services. Providing any service to the company that, under circumstances in which the service is provided, could be provided only by someone licensed, admitted, or otherwise qualified to practice law in the jurisdiction in which the service is provided.
  10. Expert Services Unrelated to the Audit. Providing an expert opinion or other expert service for the company or the company’s legal representative for the purpose of advocating the company’s interests in litigation or in a regulatory or administrative proceeding or investigation. In any litigation or regulatory or administrative proceeding or investigation, an accountant’s independence will not be deemed to be impaired if the accountant provides factual accounts, including in testimony, of work performed or explains the positions taken or conclusions reached during the performance of any service provided by the accountant for the company.

On the other hand, the SEC considers assurance and related services that traditionally are performed by a public company’s independent auditor to be “Audit-Related Fees” (meaning they require pre-approval but are not prohibited outright like the other non-audit services described immediately above). More specifically, these services would include, among others, employee benefit plan audits, due diligence related to mergers and acquisitions, accounting consultations and audits in connection with acquisitions, internal control reviews, attest services related to financial reporting that are not required by statute or regulation, and consultation concerning financial accounting and reporting standards.

Best Practices

Public companies and their audit committees may consider adopting the following practices in order to help ensure compliance with the Rule:

  1. Document pre-approval procedures in a written policy, and make sure that the policy is disseminated and well-known to audit committee members, management, and the company’s auditor.
  2. To the extent an audit committee delegates pre-approval authority to one of its members, that member must ensure he/she has enough information about the proposed services to ensure compliance with the Rule.
  3. An audit committee does not need to pre-approve services as to which it has delegated authority to one or more of its members, but the audit committee must still be informed of those services. Pre-approval policies, therefore, often require that the audit committee be informed of services that have been so pre-approved at the next regular audit committee meeting.
  4. While the Rule does not require audit committee pre-approval of services to be performed by another accounting firm that is not the company’s independent auditor, management should still keep the audit committee informed of any such engagement, especially if the other accounting firm is one of the “Big Four.” Since there is a limited number of audit firms to choose from, having other firms perform services for the company may limit the audit committee’s ability to change audit firms in the short term (because under the Rule, an auditor is not independent if, at any point during the audit and professional engagement period, the auditor provides any of the prohibited non-audit services set forth above to an audit client).
  5. Although the Rule does not address fees, pre-approval policies normally address the fees to be paid for pre-approved audit and non-audit services (for example, by requiring that the audit committee approve fees that materially exceed a pre-approved range before the invoice is paid). Public companies are required to disclose the amount and type of fees paid to their independent auditors in their 10-Ks and proxy statements, and how fees are allocated may bear on the independent auditors’ independence (which audit committees are generally responsible for overseeing).
  6. To prevent problematic situations in the first place, audit committees should periodically review their auditors’ internal approval policies and procedures for proposed engagements. It may be helpful to make that review a periodic agenda item.
  7. Section 404(b) of the SOX Act requires independent auditors to audit the internal controls of their audit clients. Audit committees should be especially cautious in pre-approving internal control-related services by their independent auditors since such services could compromise the independence of the independent auditor if the independent auditor’s own work is the subject of audit procedures. For this reason, public companies often hire separate providers for internal control-related services.

If you have any questions, please email the authors directly or, if applicable, contact your primary Bass, Berry & Sims relationship attorney.