Daniel Austin Green, Whither and Whether Auditor Independence, 44 Gonz. L. Rev. 365 (2009).
“I love beginning an article with a vacuous bromide,” says one corporate governance commentator. I shall make do with a worn-out anecdote:
In the fall of 2001, just months after being named the seventh largest company in the world in the Fortune 500, trouble began to sound for Enron. The Houston-based company announced its woes in October, saying that profits had been overstated by almost $600 million over the previous five years. Things would get even worse for shareholders in the company—much worse. Enron announced that its debt payments over the next year were expected to exceed $9 billion dollars, while cash and credit lines totaled only $1.75 billion. Nearly $700 million in debt was due for repayment in just a matter of days and another $3.9 billion of outstanding debt could be demanded for immediate repayment if the company’s already-falling credit rating were to be further downgraded. Enron’s mounting troubles left little to be thankful for during the week of Thanksgiving.
Arthur Andersen, LLP, Enron’s long-time independent auditor, was quickly implicated in the scandal. As Andersen entered the picture, matters became more complicated, but Andersen also brought along deep pockets that soon came into the sights of anxious and frustrated creditors and investors. Eventually Andersen would be utterly annihilated. Once a member of the “Big Eight”—the eight largest U.S. public accounting firms—then one of the “Big Five” after mergers, Andersen’s demise would leave the accounting industry to be dominated by the now Big Four, sometimes called the “Final Four” in a glib reminder of Andersen’s fate. Each of the Final Four, also spurred by their own close encounters with corporate scandal, would learn at least one practical and highly valuable lesson from Andersen’s experience: firms quickly saw the value of spinning-off their consulting practices in an effort to avoid the same lack of independence allegations that Andersen was forced, unsuccessfully, to weather throughout the Enron scandal. %CODE2%
Many ancillary problems unfolded during the course of the Enron-Andersen scandal. Perhaps the most notable was Andersen’s document destruction: a “significant” number of Enron-related documents had been destroyed by Andersen employees by mid-January 2002. This, of course, caused the SEC to widen its investigation, no longer looking just at Enron, but now closely scrutinizing Andersen as well. But underneath all of these other distractions, the ultimate problem was the news that broke in October and November of 2001: Enron’s financial statements for the last several years materially misrepresented the financial condition of the company and the company looked to be on its last leg.
Exactly how this misrepresentation occurred is highly debatable. There is strong evidence that Enron followed the applicable guidelines, at least for the most part. Victor Fleischer has suggested that federal income tax accounting provided a much more accurate picture of Enron’s financial condition, as the company did not pay any income tax in the four of the five years preceding the scandal. This was not fraud, though—Enron simply was not making any money. Although it would be foolhardy to abandon accrual accounting for exclusive tax-basis accounting, or any OCBOA (other comprehensive basis of accounting) presentation, the Enron debacle highlights the potential extreme differences between book and tax accounting. Regardless of the semantics of who did what wrong, countless investors were duped by Enron, so “misrepresentation” is an appropriate term to use, at least in the limited sense that most investors probably could not understand what the financial statements really meant.
Enron’s management obviously bears the ultimate responsibility for the representation, or misrepresentation, of its financial condition. But management had little to lose by the time the news of the company’s condition broke; their company was basically hanging by a thread. Andersen, however, unquestionably played a major role in the representation of Enron’s financial condition. Sure, it was management who made the misstatements, but it was Andersen that issued its independent auditor’s reports providing “reasonable assurance” as to the absence of “material misstatements”—the standard wording of such letters of assurance even if it was substantively lacking. In fact, Andersen collected a handy sum exceeding $50 million annually for the services it provided Enron.
Soon the attacks against Andersen came: Andersen was not independent from Enron; Andersen was too interested in the financial condition of its client; or Andersen was too blinded by collecting huge fees from Enron to maintain the proper degree of integrity and disinterestedness while performing its duties. Andersen, presumably then, should have withdrawn from either the audit or consulting engagements to satisfy the demands of independence. But Andersen was conforming to then-current SEC guidelines. Reformulated the year before the Enron scandal broke, the SEC only required disclosure of the non-audit engagements, a standard to which Andersen conformed. Since the SEC rules did not forbid non-audit services, Andersen was in compliance, but mere (and some might say only “technical”) compliance was not enough for critics who complained that Andersen’s $27 million fees for non-audit services prevented it from being disinterested in the audit engagement. Few, however, argued that the $25 million bill for the audit itself had a similar effect on its own. But “the total fees paid to the auditor are an equally plausible measure [as non-audit fees] for the dependence of the auditor on the client.”
In the end, independence may be a problem that is impossible to solve, but financial statement insurance (“FSI”) may offer an effective way around the independence issue. Section II of this essay looks at the very nature of independence, framing the problems and consequences of making independence a goal in financial statement audits. Sections III and IV examine the practice and product of auditing, focusing on the complex relationship between auditor and client. Section V of this essay questions whether recent changes in independence standards will make any difference in audit quality in the future, concluding that it is unlikely. Section VI suggests that discussions of independence with respect to auditors might benefit from looking at the debate over the degree to which board members should be independent (or outsiders), in which case it becomes less clear that auditors must be independent. Finally, after outlining various problems that the ideal of auditor independence presents, Section VII discusses the ways in which an alternative form of financial statement attestation—FSI instead of “independent” audits—would offer the benefits of an audit, and likely an even better product, without resurrecting problems of independence.
II. The Nature of Independence, Risk Assessment, and Audit
Auditor independence might or might not be a laudable notion but, taken literally, it is impossible in the current regulatory regime. In its simplest form, independence would demand that auditors should not have any dependency with or upon their clients. Here is a textbook discussion of independence:
Independence – A Matter of Degree The concept of independence is not absolute; no CPAs can claim complete independence of a client. Rather, independence is relative—a matter of degree. As long as the CPAs work closely with client management and are paid fees by their clients, complete independence can be considered merely an ideal. CPAs must strive for the greatest degree of independence consistent with this business environment.
As practiced, auditor independence is dictated by a non-exhaustive list of considerations that indicate when the relationship between auditor and client passes the threshold of independence.
Independence is addressed by both the American Institute of Certified Public Accountants (“AICPA”) Code of Professional Conduct (in Section 101) and, more exhaustively, by the Independence Standards Board (“ISB”), Sarbanes-Oxley, and the SEC. The AICPA Code states general principles, followed by enumeration of specific examples. Sarbanes-Oxley, on the other hand, begins “Title II – Auditor Independence” with the prohibition of auditors performing “any non-audit service,” followed immediately by specific examples of non-audit services, yet also includes a very vague exemption “on a case by case basis . . . to the extent that such exemption is necessary or appropriate in the public interest and is consistent with the protection of investors . . . .” But the examples, especially those in the AICPA Code, are selective and do not offer much guidance for truly difficult cases. Enforcement of independence, however, has a long history.
Even within a CPA firm and with respect to a single client, the interpretation of traditional (i.e. pre-Enron and Sarbanes-Oxley) independence requirements may vary as among partners, managers, and staff. Actual application of the standards can be exceedingly complex and questionable: a spouse working as an officer for a client is bad, but a mortgage with the client may be alright if grandfathered; an estranged but “close” relative (including in-laws) working for the client may be bad, but having the client’s CFO as a best friend would likely pass muster. Obviously defining what types of personal relationships limit independence quickly becomes rather tricky. When the Enron scandal broke, the standards were not codified in the same manner as they are now in Sarbanes-Oxley. However, most aspects of independence remain essentially the same, though interpreted more strictly today.
Independence is discussed in two senses beyond its codification: independence in appearance (IIA) and independence in fact (IIF). The difference may be great. Some studies conclude that there exists no “convincing empirical evidence indicating the extent to which IIA is a good proxy for IIF . . . .” It has also been suggested that disclosure of non-audit services can sometimes lead to investors being influenced by disclosures that conflict with the facts, wrongly assuming that the financial statements are sound, and perhaps a function of what psychologists have called systematic biases found among groups. While the potential gulf between IIA and IIF may cloud the picture, it is not obvious whether independence in either sense can prevent systematic bias.
Enron hired Andersen as external—that is, “independent”—auditors as well as to perform internal auditing functions for the company. While public accounting firms frequently performed such “outsourced” internal auditing for companies under the then-current standards, firms sometimes declined to perform both internal and external auditing for any one client out of a concern for independence. Not so with Andersen and Enron (as with most firms). Andersen employees—external/independent auditors, outsourced internal auditors, and consultants—were a permanent fixture in the halls of Enron’s offices.
Like many accounting firms [in those] days, Andersen wore two hats at Enron. It was the company’s independent auditor, responsible for ensuring that its financial statements were accurate. It was also a financial consultant, helping Enron executives devise ways of running the business more profitably and reducing its tax bill.
Andersen auditors and consultants occupied a floor of their own in the energy company’s gleaming Houston headquarters. They carried Enron-issued electronic ID cards, mingled at office picnics—and even wore Enron golf shirts.
Although not prohibited from doing so prior to the Sarbanes-Oxley Act, some accounting firms felt that such a relationship would impair the firm’s independence, or at least the appearance of independence, with respect to the client. But this was certainly a minority view. Often, this was the outcome of case-specific determination, not a firm-wide practice.
Auditors operate in a busy maze of formal and informal guidelines, ranging drastically in their degree of specificity. Generally Accepted Auditing Standards (“GAAS”) require auditors to assess the overall level of risk associated with any engagement along with the risk for each individual class of account subject to the audit. Accounting Principles Generally Accepted in the United States of America (“GAAP,” the acronym deriving from the former name: Generally Accepted Accounting Principles) is an extremely loose set of practices. Although GAAP is the “standard” of financial accounting, it has never been compiled into a single body of rules. In fact, GAAP is quite amorphous and actually encompasses an infinite universe of guidance operating at varying levels of specificity and authoritative value. GAAS, on the other hand, refers to ten quite specific standards: three General Standards, three Standards of Field Work, and four Standards of Reporting. These standards have remained virtually untouched since their adoption by the AICPA in 1947. Many of the Statements on Auditing Standards (“SAS”), promulgated by the AICPA’s Auditing Standards Board (“ASB”), provide somewhat more specific guidance on the application of GAAS. Guidance is also provided by many sources that are part of the “GAAP hierarchy,” as well as the forthcoming codification of GAAP:
For many historical reasons, GAAP has become a minimally organized collection of many kinds of accounting pronouncements, . . . as well as “widely recognized and prevalent” industry practices that are not the product of any formal standard-setting practice. The present components of GAAP vary greatly in format, structure, completeness, authority and accessibility. As a result, practicing CPAs and financial statements preparers who attempt to apply GAAP often find themselves confused and frustrated. Likewise, accounting students frequently struggle to learn GAAP.
. . . .
One often-overlooked aspect of the codification is that it will eliminate or flatten the GAAP hierarchy . . . Under the codification, there’s no distinction—all standards are uniformly authoritative.
GAAP will no longer be ambiguous, but rather a single, if still continually growing and changing, code. But even under the new regime of the codified GAAP, the evolving nature of GAAP will remain a part of the complex contours of financial statement accounting, even if now collected formally. Codification may add rigidity, but whether it will offer greater precision and clarity is yet to be seen. GAAS, however, applies only to auditors and remains limited to the ten formal standards. Although long-codified, the GAAS standards are certainly more “principles” than “rules.”
The view that non-audit services increase an auditor’s understanding of a client and the efficiency of an audit has certainly been attacked in literature. But more detail on exactly how such knowledge can improve an audit might shed some light on why this is more than just a protectionist argument made by accounting firms or intuitive appeal that cannot stand up empirically, as some authors suggest. In essence “[C]ongress is substituting its judgment regarding what services a company can purchase from its auditor for that of corporate boards or shareholders.” Moreover, the empirical evidence strongly “suggest[s] that [Sarbanes-Oxley’s] prohibition of the purchase of non-audit services from an auditor is an exercise in legislating away a non-problem.”
Notwithstanding such evidence that prohibiting non-audit services is unnecessary, what reasons might there be to affirmatively support the provision of non-audit service? I do not address the advantages of performing non-audit services for audit clients in this essay from the perspective of economies of scale and scope, although the value of efficiency remains well-instantiated in the professional and academic literature. My argument is not economic; rather it is designed to fit squarely within the GAAS regime. I am not proposing to change the goals of auditing, but rather I am making an argument from within auditing’s own history, theory, and rules. This part of my argument is, therefore, inherently practical (since it incorporates the standards governing practitioners) instead of theoretical (i.e. economic). In short, I believe that providing non-audit services for audit clients is not merely consistent with GAAS, but actually furthers GAAS’ objectives—and that is a good thing.
Audit risk (AR) is the product of three distinct types of risk: detection risk (DR), control risk (CR), and inherent risk (IR):
Detection risk is the one area that concerns the auditor’s activities alone; it refers to the risk that material misstatements will not be detected by the procedures employed by the auditor. Control risk, on the other hand, is an assessment of the likelihood that a material misstatement will not be detected by the internal control procedures employed by the client. Inherent risk represents the potential that a material misstatement will not be discovered, assuming that no control mechanisms are in place. For instance, cash is more likely to be stolen than a raw material such as flour; warehoused ingredients and products are certainly valuable, but they are not as easily concealed, removed, transported, or exchanged as is cash or other highly liquid assets. Thus, at the entity level, financially complex enterprises such as an investment partnership or a bank may have a greater degree of inherent risk than a manufacturer.
The level of detection risk determines the number of substantive tests the auditor will perform. But the risk relationship is always somewhat malleable, being only theoretical or conceptual, and typically not actually quantified during the course of an audit. Furthermore, the risk evaluation is also ultimately determined by a factor overriding virtually all aspects of an audit—auditor judgment—making it even more elusive as a practical matter or to the novice. Auditor judgment is a real, widely-discussed, and integral component of a successful financial statement audit, but it necessarily remains a difficult standard to enforce and is difficult to limn for, and cultivate in, young staff.
A great deal of literature exists on the psychological factors involved in expertise, and a more tailored literature that applies the psychological understanding specifically to auditors. Key to understanding what it takes to be an expert is the well-documented result that expertise is far from being perfectly correlated with experience. “Having an adequate grasp of domain knowledge is obviously a prerequisite for being an expert,” but “it is not sufficient for expertise. Many novices know a great deal, maybe even as much as experts. In other respects, however, they lack what it takes to behave as experts.” This effect is even more pronounced in auditors than in broader populations, and the critical role that auditor judgment, itself a form of expertise, plays in an auditing makes expertise in auditors very important. While a minimum level of experience is required for one to credibly be called an expert, either colloquially or in the exhibition of sufficient traits in the experimental research, the research demonstrates that the actual degree of experience required is surprisingly low. Judgment is developed by exposure to diverse situations. Thus, experience performing non-audit services could help better develop judgment in young auditors. Broad exposure to many situations reinforces what is normal and when exceptions are justified; knowing “when to deviate from a strategy or make an exception to a rule” is said to be one of the key distinctions between experts and novices.
Despite its seeming intractability and its tremendous reliance on auditor judgment, audit risk is a fundamental concept, influencing many aspects of an audit, from the initial audit planning to final analytical review. Audit risk directly influences how much substantive testing is to be performed on transactions occurring during the period under audit. Demanding a low level of detection risk, for instance, will result in more substantive tests, while a higher threshold for detection risk will require less substantive testing.
Detection risk varies inversely with inherent and control risk. That is, if inherent or control risk increases, the acceptable level of detection risk—the risk that the external auditor will not find a material misstatement—will decrease. Instead of speaking about a fixed amount, detection risk is usually discussed in terms of an “acceptable level” because it relates to external auditing procedures. Thus, an external auditor’s acceptable level of detection risk will likely be higher for a client with low levels of inherent and control risk. In other words, a client that has less inherent risk and/or greater levels of control procedures and effective internal auditing to test those procedures will generally cause an external auditor to allow a higher degree of detection risk, as is manifested by fewer substantive tests.
Beyond increased revenues, there is a potential value to the public accounting firm in providing internal audit services to an external audit client, lying particularly in the control risk assessment. Although this can be fashioned as an efficiency argument (i.e. providing non-audit services makes it easier or more efficient to asses control risk), I believe the stronger, GAAS-furthering argument is structural or incentive-based. Only by the audit firm providing non-audit services can the auditor’s and client’s incentives be aligned such that control risk can be adequately assessed. “[D]etection risk is the only risk that is completely a function of the sufficiency of the procedures performed by the auditors.” Most of the audit risk is a function of the client, not the auditor’s competence. “It is important to realize that while auditors gather evidence to assess inherent risk and control risk, they gather evidence to restrict detection risk to the appropriate level. Inherent risk and control risk are a function of the client and its operating environment.” Better assessing inherent and control risk does promote efficiency, but efficiency is a positive externality, not the crux of my argument.
In addition to the value of non-audit experiences to cultivate auditor judgment in young auditors, the knowledge obtained provides even the most experienced (and those with the best judgment) a better basis on which to plan the engagement. By helping to implement control procedures, such as through an agreed-upon-procedures consulting engagement, the audit firm may gain (or lose) faith in the control procedures in place, thus lowering (or raising) control risk and, in turn, audit risk. Once control procedures are in place, internal auditing describes the process by which the efficacy of those procedures is tested and verified to ensure that the control procedures are actually minimizing or mitigating the inherent risk associated with the account. The greater the procedures—and the better the internal auditing—the lower the level of acceptable detection risk to the external auditor. As the auditor’s faith in the procedures is strengthened, her desire to perform extensive substantive testing is weakened, that is, she will tolerate a greater degree of detection risk and thus employ less substantive testing.
When internal auditing procedures are implemented by a client, the external auditor will always test those internal auditing procedures and also directly test and evaluate the underlying control procedures that the internal audit procedures purport to test. The auditor should never merely assume that control procedures are good or that internal audit procedures adequately examine the controls the client has implemented. The reliance on client procedures and their results, for both internal control and internal audit, is not one taken lightly. But if, after careful consideration, the external auditor is satisfied that (1) the control procedures are tailored so as to try to mitigate and/or monitor inherent risk, (2) the control procedures have been effectively implemented, and (3) the internal audit procedures are properly designed and executed so as to test (1) and (2), the external auditor may assess detection risk at a lower level, thereby lessening the extent of the external auditor’s own test procedures.
When detection risk is lower, the number of substantive tests performed by the external auditor will normally decrease. Thus, if the external auditor is in a position to know that control risk and inherent risk are low, such as having worked with or coordinated internal auditing efforts, the external firm will be able to perform an audit with the same level of assurance, but with less substantive testing and less billed time. Surely everyone wins in this situation. But third parties relying on the financial statements are the biggest winners, because the auditor has a better understanding of the client’s operations with which to base their opinion where the auditor and client have a mutual interest in ensuring the auditor has the most information about the client possible.
Under the current standards, malfeasant clients have an incentive to hide certain actions from their auditors. Were the auditors also performing non-audit services, however, this incentive could be reduced. Auditor deception would certainly still be possible but, short of outright fraud, full disclosure of accounting treatments and methods the auditors might question is encouraged during the course of performing other services. A client may be reluctant to voluntarily release to auditors unrequested information about tough problems that could affect the bottom line, but clients’ employees should have less reluctance to share such matters with a consultant being paid to (ultimately) help improve net income. This holds true even if the consultant, or another employee of the same firm, also serves as the client’s external auditor. Such a consultant, even if also from an independent audit firm, is generally in a position to obtain better information about the client’s operations from the client’s employees. When working as a consultant, rather than auditor, you are perceived as part of the cooperative venture to improve operations rather than the auditor who is solely there to “check up” on employees. No doubt, some employees view consultants similarly, but skepticism of consultants is not as deep or widespread as that of auditors.
Consultants will generally be evaluated on the degree to which they improve efficiency and profits, while auditors perform a costly, not cost-effective, service. While the motivations of consultants and their clients are symmetrical, auditors do not have the same incentives (e.g. increased profit for the client) as a consultant. But motives of corporate actors are often complex. For instance, it has been argued recently that some types of whistleblowing are functionally equivalent to insider trading. Instead of treating insider trading and whistleblowing differently, we might justifiably treat them the same under the law because they both alert outsiders to fraud and corruption within a company. In contrast, blackmail should remain punishable because it acts to discourage broader discovery of malfeasance. In short, the analysis and judgment of corporate actors should focus on the knowledge they bring to light, not on their motives, which may not be as pure as they are often represented. Similarly, our analysis of the role of auditors should not be founded in romanticized notions of the motivations, interests, and public-spiritedness of auditors, but rather in the quality and efficacy of their procedures. In other words, the information the auditor brings to bear (or, more precisely, the quality of their attestation of such information) should matter far more than their reasons for doing so, if the latter should be given any weight at all.
In reducing the asymmetries of motivations between auditor and client by allowing audit-firms to perform additional non-audit work, we may lose the fictional notion of the auditor (a Certified Public Accountant) with loyalty to the public over the client yet obtain better audits, which ultimately helps the investing public much more than public accounting’s noble lie of independence. Surely this is a trade-off investors—and the public—would be willing to make.
The assessment of audit risk begins at the earliest planning stages of an engagement, though it may later be modified. However, later modification that increases the assessed level of audit risk may result in having to perform additional and alternative procedures on parts of the audit already undertaken. The decision to alter the audit plan based on a client’s procedures is a very serious one, whether it be a decision to increase or decrease the scope of the auditor’s own tests. And surely an external auditor has more knowledge upon which to base such a determination if she has been actively involved in the design, implementation, and testing of client-procedures. Thus, it would seem that auditor involvement in the client’s activities would promote the very knowledge that allows an auditor to be more effective (not merely more efficient) in exercising her task. The audit, then, can be enhanced and streamlined by the auditor’s involvement in the provision of other non-audit services including the now-prohibited outsourcing of internal auditing functions.
Reports on attestation services provided by CPAs offer only exceedingly narrow opinions, although precisely what kind of assurance is conveyed varies with the service provided. Audit reports follow a rigid pro forma structure with virtually no range of opinions to state. While audit reports probably reach the broadest audience, they almost always express an “unqualified” (or, synonymously, “clean”) opinion, but such a report contains no detail about the auditors’ findings beyond the assurance that no “material misstatements” were discovered. The Accounting Standards Board has issued an entire statement called “The Meaning of Present Fairly in Conformity with Generally Accepted Accounting Principles in the Independent Auditor’s Report.” Even this report, however, offers little concrete authority. The accounting treatments in the financial statements should “have general acceptance,” “[be] appropriate in the circumstances,” be “informative,” be “classified and summarized in a reasonable manner,” and “reflect transactions and events within a range of reasonable limits.”
Importantly, the auditor is not making a guarantee or certification that no material misstatements exist—an assertion that management is making, at least implicitly. In fact, management is making five distinct assertions about the financial statements: (1) existence/occurrence, (2) completeness, (3) that the company has rights to the assets and obligations for the liabilities, (4) proper valuation/allocation, and (5) appropriate presentation and disclosure. In each case, the auditor is merely attesting that they did not obtain material evidence to the contrary, not that management’s assertions are in fact correct. Other “assurance services” provided by auditors provide even less certainty. Similar to audit reports, review reports express only “limited” and “negative” assurance. Also, to even less of a degree than audits, as a review’s scope of procedures is narrower than an audit, review reports generally do not even include substantive testing of account balances. Compilations entail still fewer procedures and offer even less assurance.
The final category of assurance services is a catch-all: agreed-upon-procedures. These services are exactly what they sound like, services of a customized (“agreed-upon”) nature that are negotiated between the client and CPA. Unlike the pro forma reports of audits and reviews, agreed upon procedures reports are as customized as the underlying services so as to more precisely convey the findings of the CPAs, detailing both the procedures performed and the auditors’ findings. While auditors may also report separately from the audit report to management or the board of directors, the information is typically not as detailed as in an agreed upon procedures report. The scope of investigation in an agreed upon procedures engagement is unlimited, and often management is interested in such engagements precisely to delve deeply into a matter, usually much deeper than might be material or otherwise of interest to an auditor. Why, then, should this wealth of information be automatically foreclosed from the external auditor? A client should certainly be permitted to engage a separate firm to perform such non-audit work, but why must they?
Again, I do not deny that increased efficiency in auditing is also a product of auditors performing non-audit services. But I am trying here to make an argument that the level of detail and knowledge obtained in performing non-audit services result in better audits, not just audits that require less-slavish hours by the audit team. The audit efficiency comes from possibility to decrease the amount of substantive testing, but there is a great deal more to an audit than substantive testing. One of the auditor’s most powerful set of tools goes under the name of “analytical procedures.”
“Analytical procedures involve evaluations of financial statement information by a study of relationships among financial and nonfinancial data” and refer to virtually any type of analysis other than conventional substantive testing of account balances. Under SAS 56, analytical procedures are a required part of any audit engagement. Errors found in substantive testing can result in additional substantive testing, a projection of errors to the total population, suggested adjustments from the auditors, or some combination of these. But the absence of errors in substantive testing, which includes only small samples of the population, does not give sufficient evidentiary basis on which to issue an unqualified opinion in accordance with GAAS. Analytical procedures are a required part of any audit and should be performed in the audit planning stage, in the examination of individual account balances, and in the final review of the audited financial statements.
Analytical procedures offer the auditor a way to dramatically increase the level of assurance obtained in an audit, but these procedures take time, sometimes more time than conventional substantive testing. My argument in favor of potential relaxation of independence starts with GAAS, not economic efficiency arguments. However, it is also self-consciously not an economic argument because I assume that any audit firm’s reputational concerns are sufficiently high to place the firm, and its principals, on a high indifference curve, with relatively inelastic preferences for reputational preservation over decreased work (in hours per engagement), such that an audit firm with greater knowledge of (and confidence in) a client’s internal control will nonetheless exhibit substantial indifference to decreasing the firm’s hours worked on the engagement. Put simply, I assume that audit firms care more about preserving their reputations than about cutting down on hours worked. Whether hours worked are for audit or non-audit services does not seem to be the most important factor. In fact, recent studies indicate “a statistically negative relation between measures of auditor independence . . . and earnings quality.” These “results are most consistent with auditor behavior being constrained by the reputation effects associated with allowing clients to engage in unusual accrual choices.” Therefore, auditors’ reputational concerns override the supposed “capture” or “golden silence” of audit firms by the large fees they receive. Given efficiency, auditors still care about reputation and may employ greater analytical procedures, especially for their most complex clients—like Enron—whose transactions and accounting estimates are the most difficult to analyze.
Auditors may well decrease the number of hours worked in the audit engagement based on knowledge obtained in performing non-audit services, but this decrease will only be marginal and the firm will stay at or near the same high budget constraint so as to remain on the same high indifference curve with respect to hours versus reputation. Even if the auditor were to feel confident enough to allocate a lower budget constraint to a specific audit, the presumed inelasticity of the audit firm’s indifference curves would mean that such an effect would only have a minimal impact on the number of hours worked. In the end, the auditor in this scenario faces an audit that has the potential to be performed much more efficiently, yet may work almost as many hours as in the case of an inefficient audit. With audit resources and concerns (i.e. hours worked and reputation preservation) remaining nearly constant, a more efficient audit also means a higher quality audit.
Increased substantive testing brings only marginal increases in the level of assurance obtained by the auditor. Thus, analytical procedures would likely be employed over simply increasing substantive testing in light of increased efficiency. Analytical procedures are a fundamental part of any audit or even a review (another, lower-level, assurance service commonly performed by CPAs, including the quarterly filings of SEC-regulated entities). Audit practice standards require analytical procedures in the planning stages of an audit, permits or even encourages them as part of substantive examination of specific account balances, and requires them, most importantly, at the final stage of an audit. Analytical procedures incorporate tests and calculations that draw on the insights and methods of various fields, including economics and finance. Analytical procedures encompass everything from looking at ratios among various balances within and between companies to multiple regression models to comparing actual results to expectations that the auditor develops. Instead of a traditional vouching and tracing test for completeness and accuracy of specific account balances, analytical procedures, at the specific account level or in the aggregate, often take a more holistic look at the numbers of interest and offer the CPA a way to judge comparability, consistency, and accuracy of an entity’s financial records with respect to both itself and its peers, both at present and over time. While abnormalities certainly do not mean there is fraud present, analytical procedures and any abnormalities they uncover help the auditor find the areas most susceptible to hard-to-discover cases of fraud or accidental misstatement.
Analytical procedures may employ statistical, financial, economic, or logical analysis. Even if an account balance performed well under substantive tests, analytical procedures concerning the balances might result in an indication of abnormality. For example, the search for unrecorded liabilities is obviously an important test, but it is also one commonly assigned to the most junior auditor on the team, someone who may not yet have a public accounting license. Even assuming the search was thorough, subsequent analysis of the entirety of the liabilities accounts might show abnormalities in the aggregate. There is no defined set of analytical procedures to apply to audit engagements and it would be quite unrealistic to expect the same procedures to apply to all clients, even clients within the same industry or otherwise similarly situated. Analytical procedures are contingent on the auditor’s abilities to perform them and the judgment of which types of procedures to employ. Analytical procedures, however, remain potentially the most powerful tools in the auditor’s bag of tricks. Assuming the modest and well-supported constraints that I have on auditors’ preferences for reputational preservation, increased audit efficiency will most readily result in increased analytical procedures.
These results hold true regardless of whether the “internal” audit procedures that allow for increased efficiency in the “external” audit are performed truly in-house by the client or whether the external audit firm is separately engaged to perform them. But, alas, the picture is not quite so simple. While the scenario of the external auditor who also performs internal auditing procedures is appealing, streamlining the audit and saving the company (and, in turn, shareholders) significant auditors’ fees, it avoids answering the more fundamental question: is the auditor really independent? Conventional wisdom might say that there’s something not-so-independent about this relationship, but only after Sarbanes-Oxley is such a relationship expressly forbidden. Independence, it seems then, is, just like audit risk and auditor judgment, rather difficult to understand, creeping up over and over again in many different ways.
Independence may be a virtue but, if it is, it comes at a greatly increased cost for the audit. It may also include quality tradeoffs, as I just described. If independence is essential to an effective system of corporate governance, it is desirable. But I question the age-old assumption of the essential nature of independence. What defines true independence is a separate and perhaps even more difficult question. Although independence may have a valuable role to play in regulating the external auditor’s role in corporate governance, undue restriction on the types of professional engagements an external auditor may enter into with their clients may not adequately capture the true costs and value of independence.
III. Audit Adjustments and the Peculiar Relationship between
Auditor and Client
In the end, financial statements are management’s responsibility. An external auditor is engaged to provide assurance as to the absence of material misstatements in the financial statements, but the financial statements are, ultimately, the assertions of management about the financial well-being of the company. Still, auditors regularly guide management in adjusting those statements before the auditor will issue an unqualified opinion. Nudging of management often occurs with respect to disclosures (i.e. notes) to the financial statements, not merely adjustments to the numbers. In fact, sophisticated audit clients generally have a full set of financial statements that are often subjected to fewer numeric adjustments by the auditors. Adjustments need not result in changes to the statements themselves; mere disclosure of an aggressive accounting treatment or a class of holdings or pending litigation may be enough to mollify a questioning auditor. This careful process of management trying to satisfy the demands of the auditor and the auditor trying to please management, each giving in just enough to the desires of the other, highlights the somewhat unusual nature of the relationship between public accounting firms and their audit clients.
The firm-client relationship can certainly be criticized, but my description remains accurate nonetheless. The highest duty of a CPA is to the public, not the client. According to the U.S. Supreme Court in United States v. Arthur Young & Co., “[by] certifying the public reports that collectively depict a corporation’s financial status, the independent auditor assumes a public responsibility transcending any employment relationship with the client.” Of course, this view has been challenged, too:
[A]uditors are still asked to . . . treat the public as master, though engaged and paid by another master—the audited corporation . . . [However,] the law should be reformed so that auditors recognize proper incentives and serve only one master, a master whose own interests are aligned with those of the investing public.
This stated priority or duty of the CPA to the public further illuminates the inherent conflict of interest under the current regime and has, rather aptly, been called the “basic schizophrenia in the regulatory structure.” Although not adversarial in the conventional sense, the external auditor-client relationship is perhaps best viewed as a negotiation of sorts. During the course of an audit, members of the audit team will meet with management to discuss changes and disclosures that the financial statement auditors suggest as a result of their audit. The list will often include more changes and disclosures than would be necessary in order to satisfy the auditor enough to issue an unqualified opinion, but management—particularly the management of a sophisticated client—will generally stand quite firmly behind the existing set of financial statements.
What ensues between auditor and client is something like a bargain. Proposed changes are discussed; if the auditor feels strongly about a particular change or disclosure, she will likely argue more forcefully for it but will concede on other points. Financial statements “present fairly, in all material respects” the financial goings-on of the entity. They are not perfect. Materiality is often relevant and a great many matters are questions of judgment, where both the auditor’s and management’s differing opinions may actually be both reasonable and supported by GAAP even if their variance is significant. Situations like this are precisely the type of matters that might result in disclosure in the notes to the financial statements. In the end, both sides have likely ceded some ground on a number of counts, resulting in a change to either an account or a disclosure, until the auditor is sufficiently comfortable to issue an unqualified opinion on the management’s financial statements.
Materiality is an overriding concern of the auditor throughout any engagement. Indeed, the auditor’s opinion letter only attests to the lack of “material misstatements” detected during the course of an audit. Materiality is to be considered at every stage of an engagement. That means that materiality is of concern to every account but also at each degree of specificity—individual transactions, account balances, and the financial statements as a whole.
Both materiality and independence are overriding concerns in any audit engagement. Independence, however, is implicated unfavorably in making audit adjustments. For whom are they being suggested and made? At what cost? To what end? The CPA auditor is ostensibly insisting on these changes for the good of the public, yet they are being paid directly by the private client. Even if we consider that CPAs may, in fact, further shareholders’ interests, we cannot say with any certainty that the shareholders want or feel that they need such services, as they are currently compelled by law for publicly-traded corporations.
Are we truly left, in our complex system of financial regulation, to rely on the assumption that CPAs are public-spirited and not self-interested—that they value the trust of the public above the client that pays them? How can we have such faith in this legal fiction as the sole leverage a CPA has against a client and their direct financial interest in that client through the collection of audit fees? Fixing independence does not have to mean puffing up an idealized notion. Fixing independence can also consist of recognizing the complex motivations and incentives and working within the regime to align asymmetrical interests in a constructive manner.
IV. Disclosure: Whose Fault Was It?
One problem at Enron seems to have been that individual transactions were immaterial and perhaps even entire account balances were also immaterial. While some amounts were directly attributable to specific ventures, nearly $100 million of adjustments came from “immaterial” “adjustments and reclassifications”: 
The changes came largely from including results of two special purpose partnerships that it had treated as being independent—companies called Jedi and Chewco, after characters in the “Star Wars” movies—and of including a subsidiary of a partnership called LJM1. That partnership, and another called LJM2, were run by Mr. Fastow.
The remainder of the earnings reductions, totaling $92 million from 1997 through 2000, came from what Enron called “prior year proposed audit adjustments and reclassifications,” which appear to have been changes previously recommended by Arthur Andersen, Enron’s auditors, but not made because the auditors were persuaded the amounts were immaterial. Details of those charges were not disclosed, and Enron said it might further alter its reporting as a special board committee continues its investigation of the partnership transactions.
Clearly, though, disclosures were not made of transactions that were material—at least in the aggregate—to the company and, of course, to the company’s shareholders. The existing evidence does not seem to make a particularly strong case that Arthur Andersen was innocent in the misrepresentation of Enron’s financial condition. Financial statements are, however, still the responsibility of management as Andersen’s opinion letters, like such letters from any public accounting firm, unambiguously stated. In the end it seems fair to say that Andersen was at least complicit, if not deeply entrenched, in the misrepresentation of Enron’s financial condition.
Andersen’s audits are obviously not the model for an external auditor, especially considering the firm’s dark fate. But Andersen’s presumed dereliction of duty in its corporate governance role does not answer the questions of independence: was there a lack of independence in this case and, if so, was it the cause of Enron’s financial problems? I do not think that independence was compromised, even though Andersen’s actual performance seems to have been compromised. As already mentioned, the only restrictions in place at the time were disclosure requirements for non-audit services performed by the external auditor. Beyond this technical legal standard of independence, in this essay I have argued and will maintain that Andersen was not non-independent by challenging the conventional notion of independence in three ways:
1. Questioning the fee and payment structure of the auditing process, suggesting that it is inherently non-independent in its current configuration, though nearly uniformly ignored;
2. Arguing that independence may not necessarily be the virtue it is thought to be, suggesting instead that “inside” auditors (analogous to “inside directors”) may be a viable, alternative conception of an auditor’s desirable characteristics; and
3. Asserting that some of the activities now specifically prohibited under Sarbanes-Oxley under the mantle of providing for independence in external auditors may in fact foster improved (and more efficient) auditing.
If we are to be serious in our efforts to prevent future accounting scandals, we must question the very system that allowed the many scandals of the last decade to occur. Sarbanes-Oxley did not offer real reform so much as it simply ratcheted up the existing, and failing, regime. Specifically, Sarbanes-Oxley challenged no fundamental assumptions about the relationship between auditors and their clients. While purporting to ensure greater independence of auditors, the question of whether greater independence was in fact needed was left completely unasked.
Might there be a way to challenge fundamentals, and also allow experimental corporate governance structures, even while ensuring greater protection for those who suffer from such corporate failures? In the rest of this essay, I explore the contours of different assumptions about corporate governance and, finally, advocate one particular innovation as an opt-in measure that publicly-traded corporations should be allowed to adopt.
V. Sarbanes-Oxley: Could Enron Happen Again?
Sarbanes-Oxley was passed in 2002, in legislative response to Enron and other corporate accounting scandals. Among many other things, Sarbanes-Oxley specifically limits the types of engagements that public accounting firms may perform for their audit clients. Under the new regime, internal audit procedures performed by an external auditor are expressly forbidden, along with many other consulting arrangements purporting to ensure the independence of the external auditors. But does such a standard actually ensure independence? If it does, would such a standard prevent a scandal like Enron from happening if audited by a complicit, even if independent, accounting firm? I am not at all convinced that Sarbanes-Oxley ensures independence or provides any assurance that a scandal virtually identical to Enron could not happen again. Neither is Roberta Romano who, in discussing independence and other Sarbanes-Oxley “reforms,” concludes that current law is taking us to a “quack” system of corporate governance.
Sarbanes-Oxley at least purports to provide some guidance as to what auditor independence is to consist of, devoting a separate title just to this topic. The Act specifically forbids many activities that previously only required disclosure under the SEC rules in force at the time of the Enron scandal. Among the provisions is this non-exhaustive list of specifically forbidden engagements:
(g) Prohibited Activities.—Except as provided in subsection (h), it shall be unlawful for a registered public accounting firm (and any associated person of that firm, to the extent determined appropriate by the Commission) that performs for any issuer any audit required by this title or the rules of the Commission under this title or, beginning 180 days after the date of commencement of the operations of the Public Company Accounting Oversight Board established under section 101 of the Sarbanes-Oxley Act of 2002 (in this section referred to as the ‘Board’), the rules of the Board, to provide to that issuer, contemporaneously with the audit, any non-audit service, including—
(1) bookkeeping or other services related to the accounting records or financial statements of the audit client;
(2) financial information systems design and implementation;
(3) appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
(4) actuarial services;
(5) internal audit outsourcing services;
(6) management functions or human resources;
(7) broker or dealer, investment adviser, or investment banking services;
(8) legal services and expert services unrelated to the audit; and
(9) any other service that the Board determines, by regulation, is impermissible.
(h) Preapproval Required for Non-Audit Services.—A registered public accounting firm may engage in any non-audit service, including tax services, that is not described in any of paragraphs (1) through (9) of subsection (g) for an audit client, only if the activity is approved in advance by the audit committee of the issuer, in accordance with subsection (i).
The independence standards under Sarbanes-Oxley may seem somewhat artificial, but no more so than previously existing standards of independence. Independence, one may intuit, requires an independent attitude and freedom from direct or substantial indirect conflict but would also include the appearance of independence, which might result in stricter application, at least in some cases. For instance, two cousins—one an auditor and the other a CEO of a publicly-traded company—are not sufficiently consanguineous to be considered non-independent, yet conventional (i.e. pre-Sarbanes-Oxley) independence analysis could lead one to conclude that the auditor should refuse to audit the CEO’s company where, for instance, both shared a surname and were well-known in the community to be relatives and readily associated with one another by the public, even if the actual familial relationship was too distant to fail under strict independence analysis. This is a classic hypothetical situation in which there is not actual impairment of independence, but the engagement might properly be refused in order to maintain the appearance of independence. This, of course, is also yet another example of the critical role auditor judgment plays, even in making the initial decision of whether or not to take an engagement.
Without a drastic change in the way auditors are engaged—a change that Sarbanes-Oxley does not address at all—true independence will never exist in the most fundamental manner: auditors receive their fees when, and in reality almost always only if, they issue an unqualified report on the financial statements. “Ultimately, satisfying a client requires rendering an unqualified opinion.” Without remedying this fundamental codependence of the two entities, auditors will never actually be independent. External auditors always have a strong incentive to issue an unqualified opinion on the financial statements of their clients—an incentive possibly strong enough to push a borderline set of financial statements just far enough to be considered “free of material misstatement” to an auditor that loses sight of integrity and professional standards.
Of course, most auditors—and any with integrity—will turn down engagements where they do not expect that they could issue an unqualified opinion in good faith. But that does not solve the problem of the borderline set of financial statements—either clients that turn out to have financial statements with more problems than were anticipated, or clients that engage less reputable accounting firms. “Opinion shopping” is a well-documented occurrence in which clients of dubious repute interview auditors until they find one that basically guarantees to issue a clean opinion before the audit is even started. Sarbanes-Oxley makes no effort whatsoever to address this problem. Thus, the fact that the fees are coming directly from the subject of the audit seems to be the largest source of independence impairment, yet the one that is uniformly ignored in the literature and scarcely addressed by Sarbanes-Oxley.
Changing the model of auditing so drastically that it would remedy the fee-from-auditee problem is a monumental project, though not one that is without existing advocates. Most prominent, or at least the most probable or practical, among such proposals might be single-payer systems, with the federal government likely paying the bill (although most would have the audited companies paying into the government fund, too). On the whole, though, practitioners and scholars alike remain fairly taciturn on the issue of questioning who should pay an auditor’s fees. Therefore, there is virtually no foreseeable threat to the status quo. I believe independence is probably the most fundamental problem to the practice of auditing, but few agree. I refer to independence as a “problem,” yet I do not believe independence is even necessary; the paradox of auditor independence is dual, rooted equally in its impossibility and superfluity, notwithstanding its grand and ennobling pretensions of a practice and profession in loyal service to the public.
One of few legal scholars who spends any significant amount of time questioning the very nature of auditor independence is Sean O’Connor. But O’Connor’s polemical retelling of the history of accounting chartering, certification, and licensing borders at times on an indictment against the whole “profession” of public accounting. While O’Connor’s story—including the need for auditing to return to a signaling mechanism—generally comports with my understanding and inclinations, in this essay I am starting with the existing, modern system of auditing, warts and all, and suggesting a very incremental change. I embrace, perhaps self-interestedly, the profession of public accounting, even while suggesting possible abandonment of a key precept (independence) and suggesting, in the meantime, allowing for an opt-out from the current system.
From the earliest days of mandatory audits in the U.S., long prior to United States v. Arthur Young, accountants were clearly not seen as having a public duty apart from the duty they owed the parties who paid them. Many other professionals, such as physicians and attorneys, do, of course, receive fees directly from their clients or intermediary agents acting on the client’s behalf, such as insurance companies. But in almost all professional relationships, the client and the professional have allied interests—they are on the same team. The auditor, however, is in a quasi-adversarial posture to the client. Although both auditor and client wish for a clean opinion, the audit is not for the benefit of the company itself, but is rather for shareholders and (potentially) the investing public at large. Doubtless, companies and members of management stand to experience direct and indirect benefits from an audit. Audits are valuable even when not required, and the process of auditing calls potential sources of future problems to the attention of management. But, in the end, required audits such as those of SEC-registered companies are required for the benefit of those outside the executive suites and board rooms.
Even setting aside concerns about what Sarbanes-Oxley does not address, we are still left to wonder if the restrictions it does impose are the right ones. It is impossible to know what circumstances may be of greatest interest in any particular situation, but Sarbanes-Oxley imposes very broad restrictions on the types of services that may be performed. As already discussed in Part I of this paper, some types of non-audit procedures or engagements might assist the auditor in their audit. Other current services specifically prohibited might not aid, but neither would they likely hinder the auditor or impair the auditor’s judgment, such as providing actuarial services. Sarbanes-Oxley tells us, in effect, that auditors may do almost nothing else, at least for their audit clients, than attest to the financial statement assertions, taking as a given that this restriction is beneficial. But Sarbanes-Oxley does not tell us how these provisions will prevent future scandals. Mounting empirical evidence (from both before and after recent accounting scandals) in accounting literature tells us that performing non-audit services for audit clients has no impact on audit quality and may in fact promote it. Romano has already introduced much of this literature into the legal discourse and provided more extensive commentary on it.
A critical axiom in the social sciences is that correlation does not equal causation. Likewise, the fact that Andersen performed both internal and external auditing for Enron does not mean that it had anything to do with the misstatements or Andersen’s acquiescence in the matter. One datum does not a regression make. Performing internal auditing for a client may well promote higher quality and more efficient external audits. Certainly the objection that Andersen received $27 million in non-audit fees from Enron looms large, but even this criticism loses much of its bite when we recall that Andersen received another $25 million from the audit alone. But even very large audit fees do not have a correlation with lower quality audits.
Simply put, there seems to be little, if any, evidence that the auditor independence standards of Sarbanes-Oxley squarely address the problems they purport to solve. There is nothing in the facts to indicate that Andersen would have acted any differently had they not also been performing Enron’s internal audit functions. We might reasonably conclude that had Andersen not been performing both internal and external auditing they would have probably known even less about the transactions at issue. At best then, Sarbanes-Oxley seems to promote higher audit fees. At worst, it may promote poorer knowledge by auditors and poorer quality audits.
VI. Independence: What is Good Enough for the Board is Good Enough
for the Auditors?
Independence in other topics in corporate governance, such as board composition, is not so widely assumed to be a virtue—many do believe independence to be good, but many others do not. It remains a hotly contested question whether the members of a company’s board of directors should be independent in whole or in part. Sarbanes-Oxley, however, limits the ability to implement an “inside” director model, either for the board or an analogue for auditors. The terms “inside” and “outside” are also common (and used interchangeably) with the terms “non-independent” and “independent” in reference to both board members and auditors. Still, some non-independent board members are acceptable, even under Sarbanes-Oxley. Perhaps independence means something somewhat different in the context of a board than it does in the context of external auditing but surely they are at least analogous applications of the word. As philosopher G.E.M. Anscombe chastised, “Where we are tempted to speak of ‘different senses’ of a word which is clearly not equivocal, we may infer that we are in fact pretty much in the dark about the character of the concept which it represents.” Independence must, at some level, be unequivocal, whether being applied to a corporation’s Board of Directors or to its external auditors.
Strong arguments have been made in academic literature about Board members’ independence, although it is likely fair to say that there is virtual consensus that a plurality of board members need be independent of management. There is, of course, serious reason to question the need for independence in boards, but discussion of board independence is relevant to this essay only insofar as it parallels the discussion of auditor independence. Thus arises the question: don’t boards of directors serve a management oversight function analogous to that of an auditor? Boards maintain a sometimes difficult relationship with management, trying to provide oversight while still hoping to be trusted and an ally in the eyes of the managers serving under the board. Auditors toe a strikingly similar line, “independently” attesting to the veracity of management’s assertions of financial condition, while still trying to remain on good terms with—and get paid by—management.
It seems that if independence is not a universally recognized quality essential to boards, then it need not necessarily be so for auditors, the corporate governance cousins of boards of directors. Alternatively, as a somewhat milder suggestion, a definition of independence that places strict limits on the types of related engagements an auditor may properly undertake with an audit client may not be compelled, even if some measure of independence is deemed essential for external auditors. For example, a desire for independence might not require delineation of specific acts that are acceptable or not, but return to a subjective, case-by-case analysis. A less rigid, but firm, standard would also be more adaptable to changing circumstances in the business environment.
Indeed, the question of rigidity in accounting is a prescient one. Debate over principles versus rules looms large in contemporary discussion on the state of accounting. Many academic, regulatory, and practicing commentators have chimed in with a wide range of views. The debate has become particularly central to the larger debate over international comparability in financial reporting from companies operating in other nations and the current trend towards converging on a set of international accounting practices. “Overwhelmingly, rhetoric vaunts ‘principles-based systems’ and denigrates ‘rules-based systems.’”
In short, principles-based advocates state that positive rather than negative (shall-not) or aspirational (normative) codification of accounting rules, with their ever-increasing specificity, create a complex framework from which accounting treatments must be taken. The specificity of these rules, they argue, do not make accounting better, but simply more difficult. The rules create a rigid framework, but the clever accountant can bypass the framework, framing a transaction to be outside the rules and therefore not applicable. Accountants follow the letter, rather than the spirit, of the law. This is illustrated by acts such as what Enron was doing in the formation of entities like Chewco.
Principles-advocates, in criticizing the rules-based accounting framework, suggest that a return to more general principles regarding the fair presentation of financial data, coupled with strong enforcement, would allow for greater accountability on the part of accountants. Technically conforming with the rules would no longer suffice. Instead, enforcement would turn on whether, judging the specific facts of each case, the presentation was faithful to more general precepts about the fairness of financial statement presentations. This, principles advocates maintain, would be better for all parties.
Lawrence Cunningham rightly points to the inherent difficulties in labeling any part of the law (in a corporate context or not) a rule, standard, or principle. Cunningham observes that “a conscious effort to design a system to be either principles-based or rules-based would require forcing individual provisions toward the poles.” Choosing either system as an absolute, even if possible, is fraught with trade-offs: “The precise trade-off between certainty and context is not always clear. A principle can be more certain than a dense weave of rules. A vague articulation can yield a well-understood meaning, while a densely specified series of articulations can yield competing understandings.”
It might be best to simply have a standard of “objectivity” for all auditors, in the same sense that that word is already used to distinguish the “independence” of external auditors from the “objectivity” of internal auditors. The objectivity requirement could be applied to all “gatekeepers,” be they auditors, lawyers, directors, or others. But insisting on objectivity is a far cry from the utopian independence standards.
Independence in the context of board members obviously does not mean exactly the same thing as when applied to an external auditor, but the meanings are not wholly detached either. Boards provide an oversight function, looking over the shoulder of management; guiding the general course of the company, but largely leaving the details to management. Boards are generally thought to be accountable directly to the shareholders or perhaps the stakeholders of the company. We see board members as having a unique role: not really management, insofar as they do not control day-to-day operations, but certainly they are very important figures in the company’s long-term planning and success. Boards’ “requirements” are largely non-codified, in part because of their unique role, remaining principal-based instead of rule rule-based.
Perhaps it is precisely because of the unique nature of their role in corporate governance that many feel it is appropriate for at least some board members to be independent. Of course, no board member will be truly independent at least in the strictest sense, because they generally receive ample compensation for their part-time service as a board member and may have a substantial ownership interest as well. But independent directors generally do not have as much direct interest in the company as management or a very large shareholder.
The compensation (including stock grants) of directors has also been debated for many years. Professionals outside CPA firms are more commonly accepting equity stakes in lieu of cash payment. If directors and lawyers—both of whom also serve “gatekeeper” functions—can be compensated with ownership, why should CPAs automatically be considered different in this respect? Are CPAs inherently different—and thus their relationships with clients rightfully under higher scrutiny—than other gatekeepers? Are not all professionals interested in their clients’ affairs?
Among the many roles to be filled in a corporate governance regime is that of the independent auditor, whose role, in some respects, is not all that different from that of the board of directors. Like the board, auditors provide some sort of oversight function to management. The oversight function provided by auditors is, of course, different than the oversight provided by boards, but the two are surely analogous. Specifically, the external auditor provides assurance that the assertions management makes about the financial health of the company are not too far from the truth. The auditor never “certifies” the assertions of management in a way that insists management has presented an ideal representation of the company’s financial condition, but the auditors do lend support and credibility to representations made by the company’s management.
Like a board of directors, the auditor’s interests are generally consistent with those of management: the auditor wishes the company well, which will presumably continue the firm’s stream of audit fee revenue from the company, but the company is not the auditor’s only source of income. Neither are the auditor’s interests completely aligned with management’s interests. Just like the board, the auditor’s very presence reminds us that management is a potentially dangerous asset, one that must be watched over to protect the broader interests, especially those of the typically numerous and widely-dispersed shareholders.
We cannot escape the inherent conflict of interests already discussed. Even an “independent” auditor is being paid directly by the management of the company—the very same management whose assertions the auditor is examining. Without a redesign of this mechanism of corporate governance, we surely cannot be too serious about independence with respect to auditors. After all, if $27 million for non-audit services is enough to raise eyebrows about Andersen’s real interests in Enron, then surely $25 million for the audit is of some concern as well.
If auditors really are, as I suggest, analogous to a board of directors, then the idea that auditors must be independent may itself be on shaky ground. If directors can be insiders and, indeed, are perhaps better directors for being so, then could not the same be true for auditors? Maybe independence in auditors is important, but if it is, it should be easier both to define and to defend than it is today. The fact that auditors are not company employees makes them, at least in a very weak sense, inherently independent. But just where on the spectrum that includes both this weak version of independence and the strict (and currently impossible) form of independence should we want auditors to be?
A. Cadenza: The Case of the Malevolent Client
If corporate governance is to be serious about requiring some measure of independence by external auditors, then there must be frank and serious discussion about the nature of independence and just how strictly it is to be applied. Sarbanes-Oxley provides the strictest guidelines to date, but suffers from two major flaws with respect to independence: (1) it extols independence as a virtue without even acknowledging the inherent conflict in independence arising from existing fee and payment structures and (2) it prohibits a wide range of activities that, if performed by or with the external auditor, can greatly enhance not only the efficiency but also the degree of assurance provided by the audit.
Considering a hypothetical audit client will illustrate how Sarbanes-Oxley does not prevent what it was ostensibly written in response to: corporate malfeasance. Non-independent auditing relationships, on the other hand, might be a good tool to fight corporate wrongdoing. This is most apparent if we consider a hypothetical worst-case scenario: another Enron.
Corporate governance schema exist only because things sometimes go wrong—management begins to make too many mistakes, shareholders feel wronged, or any other number of possible circumstances. If everything always went perfectly, there would really be no need to have corporate governance; if things went along just fine, without exception, the increased costs of corporate governance would be an absolute waste. But problems do crop up. Legal recourse offers some, though rather limited, remedy in such cases and corporate governance strives to prevent such incidents. Once a scandal is discovered, however, there is generally already an insolvency problem, thereby making legal recourse to wronged parties difficult.
Sometimes corporate misbehavior is unintentional. Problems may arise, but it is possible they are not the result of an intention to harm, just carelessness or perhaps myopic self-interest combined with a lack of concern for others. The young and small corporation may suffer more from ignorance than pathology. But other acts of corporate wrongdoing are themselves the result of careful planning, such as in the case of embezzlement or fraud. The is all the more true in cases of collusion, and effective collusion is the textbook example of when an auditor is helpless to find even very large misrepresentations in the financial statements:
An audit provides reasonable, but not absolute, assurance of detecting material misstatement of the financial statements. Providing absolute assurance is not possible because available audit evidence is often less than convincing or conclusive, and due to the characteristics of fraud. For example, fraud often includes collusion among management, employees, or third parties and is concealed by falsifying documents (including forgery). An audit rarely involves authentication of documents, nor are auditors ordinarily experts in authentication. Also, even if possible, audits providing absolute assurance of detecting material misstatements of financial statements would be far too costly.
If wrongdoing is intentional, what role might an external auditor play?
Auditors do, in fact, often uncover wrongdoings by employees or officers of a company. But where there is coordination or collusion, the auditor will be much less likely to uncover the acts, especially at an early stage. Perhaps the client is just a bit too “aggressive” in their use of “special purpose partnerships” or similar vehicles, much like Enron, and the auditor is unaware of the magnitude of such partnerships and their potential impact on the company’s overall financial condition. Although it is no excuse, an audit team’s lack of experience and expertise may make them susceptible to losing sight of materiality, especially in the aggregate. That is, they are especially vulnerable to not identifying cumulatively material amounts arising from individually immaterial audit differences.
Whether the client is acting wrongly with an expressed intent to do so or not, the auditor is handicapped in uncovering the acts if they can only perform the (usually only annual) external audit for the client. For SEC-registered companies, there are also quarterly reviews, but reviews are fundamentally different in their scope. While an auditor is always expected to gain a detailed understanding of any client’s business, an auditor that spends a lot of time working with the client in other matters gains an even more intimate understanding of the client. This increased knowledge can only aid the auditor in uncovering the wrongful acts, whether inadvertent or carefully planned and executed.
If something bad is occurring within a company, external auditors may uncover it. But if an effort is being made to conceal the bad behavior, then the auditor may not be very effective. Even in the context of an environment of collusion, however, if the auditor spends additional time at the client’s business performing other tasks and learning more about the client’s business, the chances that the auditor will discover the wrongful acts increases dramatically. An auditor may still be conflicted as to whether or not to report a client that is intentionally misbehaving, but the auditor faces this dilemma regardless of the amount of money they are collecting from the client and regardless of whether those fees come from auditing or other services.
Allowing auditors to spend more time at their clients’ offices, in any capacity, seems to promote the likelihood of discovering wrongdoing. Maybe Andersen did cross the line such that Andersen employees were virtually indistinguishable from Enron employees, either in action or in loyalty. But this is not a necessary result of performing internal audit procedures. Had Andersen only been the external auditor for Enron, it is hard to believe that the accounting problems would have been found any earlier, and it is virtually inconceivable to believe that they could have been prevented simply because Andersen was performing only the financial statement audit and no non-attestation services. But is it not at least possible that the extent to which Andersen was engaged with Enron helped accelerate the time it took for these issues to come to light?
VII. Getting Around Independence: Financial Statement Insurance (FSI)
In this section, I describe an innovation that could be undertaken to better protect clients and avoid the current problems of independence. Although it would not “solve” the independence problem, it would render it moot, at least for companies that adopted the innovation. I am not the first to propose this method of protecting investors; there is a growing literature on financial statement insurance (“FSI”). An FSI alternative would not entail merely paying an outside auditor to render an opinion (“assurance”) on the quality of financial statements, but would actually insure investors against losses incurred because of inaccurate financial reporting. Thus, the insurer has both a financial incentive and the requisite objectivity to see that financial reporting is of the highest quality possible.
The first and most obvious attraction to FSI is that it provides an actual remedy. Instead of stockholders being left as residual claimants to any remaining assets after a corporate implosion, stockholders in companies with FSI would be compensated in case of failure, paid directly by the insurer. FSI would be expensive, but the price would have already been paid by the company during the course of operations, and also would have been among the information available to investors trading in the company’s stock, thereby influencing the price of the stock itself.
In essence, the proposal would work to partially re-privatize auditing, which we have increasingly come to regard as a regulatory function. Regulation, in the context of securities and elsewhere, purports to protect the public, but, at least in the case of securities regulation, the regulatory framework has failed to provide any real remedy to those who lose money, even through fraud. Provision of such a remedy should not be required, but neither should it be discouraged. Enron serves as perhaps the most salient example of the fact that failure, even after lawsuits, leaves essentially no remedy. I certainly do not want to require that all investments are insured, for investments are most fundamentally a matter of risk and uncertainty. However, through an opt-out from the current regulations, I propose that certain SEC registrants could alternatively obtain FSI. Although FSI is not (and should not be) intended to protect investors from all risk, it provides real compensation to investors in the event of corporate implosion resulting from fraudulent reporting. The insurance company, profiting from its sophisticated assessment and pricing of risk, would remain solvent and would be contractually obligated to make restitutionary payments to shareholders.
What would FSI-issuers look like? Whom would they serve? Macey argues that more robust financial intermediaries could have prevented Enron. Cunningham has argued that FSI could replace audits as we currently know them. These two authors address rather different issues in these works, but I suggest that FSI is a single solution that addresses at least some concerns of both. Cunningham now wants FSI to be mandatory, but it is likely most viable, or at least less radical, as an alternative to the current audit process. Inflexibility of the existing regulatory apparatus, however, presently precludes such a choice. Shareholders should be able to determine if they wanted conventional audits or insurance and vote on the matter; investors could decide what degree of risk they want. In companies that bought FSI instead of engaging auditors directly, the insurance companies could decide if they wanted to engage auditors, what type of audit information (or grade) they wanted, and engage auditors to that end. It is quite conceivable that some insurers would bring the audit function in-house. The accounting profession might not be maintained as it currently exists, but it would not really be hurt either. As former public accounting firms’ auditors would now simply work for insurance companies. Moreover, this new institution would also be a type of financial intermediary, which as Macey argues, would offer valuable information to shareholders and the investing public.
Insurers in an FSI regime would be a truly independent party—they would have far better incentives to properly ascertain a company’s financial position. Although FSI-issuers would receive payments directly from the companies they insured, the insurers face great risk themselves, which serves as an incentive to get the analysis and evaluation done right. CPAs do not currently face such a risk; failure of an audit client need not cause any loss or harm for the CPA firm itself. Andersen remains the anomaly, not the rule. Being introduced as a competitive alternative to conventional audit services, an FSI regime could likely spur drastic changes in public accounting, such as relative or graded reporting. Instead of offering grades or degrees of assurance or confidence in reports, current opinion letters are essentially an all-or-nothing choice. FSI could jettison this broken and ineffective style of reporting, offering instead reports with greater detail about an auditor’s assessment of the financial reporting process of a company. FSI-issuers would also rectify auditors’ current status of being the client-paid less-than-advocate but also less-than-adversary ambiguity. FSI-issuers would be an interested third party, but their interest would provide incentives to be aggressive in their investigations and also bolster the interests (and protection) of existing and prospective shareholders.
Conceivably, a CPA firm might want to enter the business of being an FSI-issuer, but this shift—from financial statement assurance to financial statement insurance—is far too drastic a change to force onto the profession of CPAs. While I do not wish to foreclose this option, I do not believe firms would be willing to leap directly and headlong into issuing FSI. They generally lack, among other things but perhaps most significantly, the actuarial expertise to price such a product and likely the necessary capital too. Eventually, CPAs might be attracted to issuing FSI, but they should not be expected to do so. CPAs would, however, continue to be important gatekeepers in the corporate world, working in the traditional manner and also as engaged or employed by FSI-issuers.
FSI-issuers would fill in as a new class of financial intermediary, something even greater than previously existed. Macey praised the role of financial intermediaries, who are very sophisticated users of financial statements able to discern financial woes (and, conversely, undervaluation) lurking far beneath the surface of a set of financial statements. But, as Macey also points out, they are not always correct, as in their failure to uncover Enron’s troubles under the surface. Surely Macey is right about the critical role of financial intermediaries. But more recently, we have also seen that those who assign credit risk ratings, another example of financial intermediaries, woefully underrated the risk of bundles of securitized sub-prime mortgages. This does not condemn intermediaries. It should, however, remind us that there is no panacea for regulating publicly traded firms, either by government or private institutions.
Existing financial intermediaries, such as rating agencies, currently have reputational concerns as their primary motivation to be truly objective in light of the fact that they are paid directly by the companies they are rating. But in this respect, these intermediaries are hardly in a different position than CPA auditors. FSI-issuers, however, would not only have reputational considerations but also large financial risk as incentives to perform their task well. Insofar as the stakes would be higher for FSI-issuers than for existing intermediaries and audit firms, they would be even more robust institutions than those Macey is already extolling.
FSI-issuers need not publicly assess the specific degree of risk in their clients’ financial statements, but they might choose to do so by providing “graded” audits. FSI firms could issue new types of reports that offer a wider range of opinions, like grades given to students by their teachers and to restaurants by health inspectors. Auditors might even precisely quantify their estimated risks of misstatement. So, in addition to solving the problem of independence in auditing, FSI would also introduce additional competition, both against conventional audits and within the area of financial intermediaries.
Even if FSI-issuers did not specifically grade or disclose risk, surely relative risk could be ascertained from disclosures made about the cost of FSI. One need not accept the Efficient Markets Hypothesis in order to agree that the price of FSI would necessarily contain a vast and sophisticated analysis of risk and value performed by the insurance firm’s actuaries. These calculations would be taken quite seriously as the FSI-issuer would bear the cost of the company’s failure. But, in turn, the cost of the insurance would provide information to existing and potential investors, information that would itself affect stock prices.
I presently set aside the many practical issues facing the implementation of FSI because they are well beyond this essay’s scope. This essay is about auditor independence, not FSI. Notwithstanding, the role of auditors could change considerably in a world in which FSI was a possibility. Some of the numerous actual or potential impediments, though, include the legality of FSI as an alternative (i.e. the need of an exemption from the current system), capital required to finance FSI, ability to effectively price the product, questions of insurance regulation, and the willingness of insurance companies to innovate and start offering such a product.
FSI would be most attractive to companies whose financial condition is easily obfuscated by conventional financial statement presentation. This would include not only companies whose line of business in inherently complex, but to any entity with a significant degree of non-traditional financial transactions, including put and call options, off-balance-sheet financing, and extensive related-party transactions, among countless other scenarios. Most investors cannot get to the bottom of what is really going on in such financial statements. Prior experience shows that financial intermediaries have not lived up to this ideal, either. Mitigating risk by offering FSI would send strong signals to investors about the company’s risk. This information could even spur investment. With greater information, and the cost of mitigating risk, returns might not have such sky-high potential as otherwise, but more capital might be available. With the lower risk but higher cost of FSI, hypothetical returns are lowered. But lower risk also lowers the cost of attracting new capital. This capital availability might be better for the company and, in turn, for investors. FSI, then, is far from a universal solution. Most importantly, it is a decision for directors, not regulators, to make. Although FSI brings potentially powerful benefits, it may also bring much greater cost, especially for the most complicated entities, but also for smaller companies with comparatively less financial complexity. While FSI is far from a panacea for securities regulation, it brings clear and much-needed benefits.
Among the greatest benefits of FSI would be a certain side-stepping of the independence problem altogether. Joshua Ronen, author of the ur-text of the contemporary FSI literature, states:
I conclude that no exogenous force—legislation, regulation, enforcement, or litigation—can satisfactorily resolve the intractable conflict of interest. I would argue that only severing the agency relation between the client-management and the auditor can remove the inherent conflict of interest. We need to create instead an agency relationship between the auditor and an appropriate principal—one whose economic interests are aligned with those of investors, who are the ultimate intended beneficiaries of the auditor’s attestation. Such a realignment of interest would restore the “complete fidelity to the public’s trust” that Chief Justice Burger insisted on in his opinion [in United States v. Arthur Young].
Earlier, I said that I believe independence to be the single most fundamental issue of auditing. If FSI is implemented but, as I advocate, not made necessary, then it certainly does not cure auditing of the independence problem. But it will offer a new model of financial statement attestation that does not rely on the independence paradox as its primary virtue. On the other hand (and despite my reservations), while optional FSI would merely selectively sidestep the auditor independence problem, mandatory FSI would effectively eradicate it.
The story of Arthur Anderson and Enron may be useful to the study of corporate governance, but only if we take from it the correct lessons. If their dual implosion was the consequence of auditor non-independence, then we should improve our independence standards, as Sarbanes-Oxley purported to accomplish. But if part of the problem is independence itself, and its impossibility, then we should examine the justifications for and alternatives to auditor independence. Andersen’s relationship to its audit client Enron was considered to be independent at the time Enron announced that it doubted its ability to be considered a going concern. This is true even though Andersen was performing both external and internal auditing for Enron. But since the passage of Sarbanes-Oxley, such arrangements are expressly forbidden.
Concern over Andersen’s high fees, slightly over half of which were the result of non-audit services performed for Enron, led many to accuse Andersen of having impaired independence with respect to Enron. Others felt that the mere fact Andersen performed both internal and external audit procedures should constitute a per se lack of independence. Current law reflects both of these views, severely limiting the types of additional engagements an external auditor may have with those clients it performs audits for.
This essay first addressed how additional engagements, though now forbidden, might actually improve external audits. By increasing the auditor’s assurance in underlying procedures, audit costs may be lowered, the audit may be performed more effectively, and with greater time for effective analytical procedures. The increased exposure to the client’s operations also generally helps the auditor gain a better understanding of the client’s business, which is part of what the auditor should always be trying to do. The end might often be quicker, cheaper audits, but this is not the primary objective. First and foremost, analytical procedures result in better audits.
This essay also questioned the very meaning of independence. Independence cannot be interpreted too strictly because auditors are always paid by those they are auditing. Independence must, then, mean something less than complete and literal independence from the client. Yet independence must still mean more than simply not being on the payroll of the client.. This is the independence paradox of auditors. Where the proper definition of independence actually resides is an open question.
In any event, independence may not be all that important. After all, board members, who, much like auditors, provide oversight for management on behalf of the stockholders, are often not independent. Why must auditors always be independent?
There is also a question, even assuming auditor independence is rightly a high priority, whether or not Sarbanes-Oxley advances this goal in a way that actually serves to prevent future accounting scandals. Could the Enron crash have occurred even under Sarbanes-Oxley? Almost certainly. Enron was a terrible disaster. And along with the fall of this gigantic corporation came the fall of an enormous accounting firm. There is no way to deny the tragedy that occurred or to repay or even console the countless shareholders in both entities, but a remedy that is worse than the ailment is no remedy at all. Sarbanes-Oxley’s auditor independence provisions may be just such a false remedy, fighting a straw man and raising the costs of audits in the meantime.
Even if Andersen’s independence with respect to Enron were compromised, it is unclear that this lack or impairment of independence had anything to do with the scandal that brought such havoc to both entities. Indeed, one could imagine ways in which it could have been worse, had Andersen merely been the external auditor.
There is a strange ambivalence often present in the auditor-client relationship. Both parties are somewhat wary of the other. In a very real sense, the auditor is paid to be so. The clients’ employees are often intimidated, not fully appreciating the role of the external auditor, and sometimes the employees fear that they, personally, are being evaluated. This makes for an uncomfortable interpersonal environment, but also one in which the auditor is hindered in completing the audit as thoroughly as they might like—and at lower costs to stockholders.
When the client feels comfortable with their auditor and desires the auditor to engage in additional work with the client, a rapport between the auditors and client can begin to be built with even the most apprehensive employees of the client. As the client’s employees and the auditors come to know one another, the auditor gains a much fuller understanding of the client’s business, an understanding that is of great use in performing the audit.
There are distinct benefits to an auditor that can gain additional insight into the operations of their clients. While such benefits are important, they are not the only concerns, of course. But independence, without further explanation and rationale, cannot be a virtue unto itself. Indeed, the case for strict standards of independence seems to be less than overwhelming.
It is easy to hang the blame for Enron on independence because many people felt that Andersen’s relationship with Enron was indeed non-independent. But independence may not have been an issue at all, and certainly it was not the primary issue. The real problem at Enron was the material misrepresentation of financial condition. But ultimately, this was management’s wrongdoing, not the auditor’s, even though the auditor may have been complicit. Some minimal degree of independence by auditors may be essential. Absolute independence, however, is almost certainly unnecessary, might be impossible, and is, in any event, very costly. Unfortunately, Sarbanes-Oxley mandates conditions which seem much closer to the latter of these two positions.
The optional implementation of financial statement insurance provides a way for companies to opt in to a different scheme of financial statement attestation. But, beyond attestation, it also provides a built-in remedy in the event of fiscal catastrophe. This should be an optional choice because it might not be the best option for some companies. Nonetheless, FSI offers compensation for harm suffered by shareholders, so it is ideal for companies that engage in complicated or risky transactions of which shareholders, especially after Enron, might be wary. FSI could be costly, but the cost would vary with risk and the amount of insurance given, as all insurance products do.
For the purposes of this essay, however, FSI is unique because it solves, or at least bypasses, the question of auditor independence. The insurer becomes an intermediary between the company and the shareholder in a greater sense than the auditor in the current regime does. The risk premium a company receives in a competitive insurance market would also send a strong message about risk to existing and potential shareholders. Because of the insurer’s unique interest in the matter, the problem of auditor independence is thoroughly avoided. Auditing would still be performed, but now by the insurer or an agent acting for the insurer (conceivably even a public accounting firm hired by the insurer). The audit process would no longer be essentially a “public service” but, as it originally was, a private service, even if still compelled by law.
* Fellow, Liberty Fund, Inc.; JD, Benjamin N. Cardozo School of Law (2006); MA (economics), The New School for Social Research (2005); BS, University of Tennessee at Chattanooga (2001); CPA (State of Tennessee).
. John Hasnas, Unethical Compliance and the Non Sequitur of Academic Business Ethics, 21 J. Private Enterprise 87, 87 (2006). The target of Hasnas’s criticism is the broader ethics “reforms,” not just auditor independence, but his “vacuous bromide” also begins with Enron. “We live in a post-Enron world. The corporate scandals that rocked American business over the past four years have brought renewed attention to the importance of ingraining the principles of business ethics into the corporate environment.” Id.
. The Fortune 500 Largest U.S. Corporations, Fortune, Apr. 16, 2001, at F1.
. Richard A. Oppel, Jr. & Floyd Norris, In New Filing, Enron Reports Debt Squeeze, N.Y. Times, Nov. 20, 2001, at C1.
. See, e.g., Greg Burns, Accounting’s Power Slips into Loss Column, Chi. Trib., Nov. 10, 2002, at C1.
. Peter Behr et al., Enron Executive Sought Help, Wash. Post, Jan. 13, 2002, at A3.
. “’We are on the side of angels,’ Mr. Skilling said in March, dismissing those who saw the company as a profiteer in California’s energy crisis . . . . But less than a year later, everybody seems to have lost, especially Enron’s investors. Enron’s stock is plunging, and questions about its finances are mounting.” Alex Berenson & Richard A. Oppel, Jr., Once-Mighty Enron Strains Under Scrutiny, N.Y. Times, October 28, 2001, at B.1. By December 2, Enron had filed for bankruptcy after rival Dynegy backed out from its offer to buy Enron, and Enron was already deeply embroiled in defending itself against allegations of material financial misstatement in the preceding years:
Enron, which became one of the world’s dominant energy companies by reshaping the way natural gas and electricity are bought and sold, filed the largest corporate bankruptcy in American history yesterday and blamed the company that had presented itself as its rescuer.
The Enron Corporation sued Dynegy, a crosstown Houston rival that had agreed to acquire Enron on Nov. 9, for backing out last week after citing what it called Enron’s rapid deterioration and misrepresentations. Enron immediately collapsed, making a bankruptcy filing all but certain.
Once the world’s largest energy trader, Enron is now seeking $1 billion or more in loans and a partnership with a major bank to allow it to stay in business.
Richard A. Oppel, Jr. & Andrew Ross Sorkin, Enron Corp. Files Largest U.S. Claim for Bankruptcy, NY Times, December 3, 2001, at A1.
. See Victor Fleischer, Enron’s Dirty Tax Secret: Waiting for the Other Shoe to Drop, 94 Tax Notes 1045, 1045 (Feb. 25, 2002).
. Id. at 1045, 1047.
. Jonathan Macey points to examples of “financial intermediaries” that did read Enron’s pre-scandal financial statements and realized investors should get out fast. See generally Jonathan R. Macey, A Pox on Both Your Houses: Enron, Sarbanes-Oxley and the Debate Concerning the Relative Efficacy of Mandatory Versus Enabling Rules, 81 Wash. U. L.Q. 329 (2003). “I think it is clear, at least in the case of Enron, that despite the failure in the quality of the (mandatory) reporting generated by Enron, the company’s problems could have been discovered by diligent intermediaries much earlier.” Id. at 333.
. Adrian Michaels & Richard Waters, Accountancy put Back Under the Spotlight, Financial Times, Nov. 10, 2001, at 20.
. Mark Kessel, Training Auditing Watchdogs to Bark, Financial Times, Dec. 21, 2001, at 10.
. Michaels & Waters, supra note 15, at 20.
. David F. Larcker & Scott A. Richardson, Fees Paid to Audit Firms, Accrual Choices, and Corporate Governance, 42 J. Acct. Res. 625, 626 (2004).
. O. Ray Whittington & Kurt Pany, Principles of Auditing and Other Assurance Services 78 (13th ed. 2001) [hereinafter Whittington & Pany, Principles of Auditing].
. AICPA Code of Professional Conduct, § 101 (1988), available at http://www.aicpa.org/about/code/et_101.html.
. The SEC and AICPA jointly created the eight-member ISB in 1997 to formulate independence standards to govern the audits of SEC registrants. Whittington & Pany, supra note 21, at 18.
. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, § 103, 116 Stat. 745 (2002).
. Whittington & Pany, supra note 21, at 77.
. The AICPA “Rule” says, in its entirety, that “A member in public practice shall be independent in the performance of professional services as required by standards promulgated by bodies designated by Council.” AICPA Code of Professional Conduct, § 101, available at http://www.aicpa.org/about/code/et_101.html. The code then goes on to give a set of non-exaustive “interpretations” of the rule that offer more specific examples of acts which impair independence. See generally id.
. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, § 201(a), 116 Stat. 745 (2002) (codified as 15 U.S.C. § 78j-1(g) (2006)).
. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, § 201(b), 116 Stat. at 772 (codified as 15 U.S.C. § 7231 (2006)).
. See generally In re Interstate Hosiery Mills, Inc., 4 S.E.C. 706 (1939) (holding that a CPA firm employee maintaining the falsified books of an audit client had violated the principle of independence, notwithstanding the fraudulent nature of the service).
. Partners must be independent across the firm; managers, at the office they work in but not across the firm; and staff need only be independent with respect to clients they audit. Whittington & Pany, supra note 21, at 73.
. Id. at 75.
. Id. at 72 n.3.
. Id. at 75.
. Nicholas Dopuch et al., Independence in Appearance and in Fact: An Experimental Investigation, 20 Contemp. Acct. Res. 79, 109 (2003).
. Id. at 108. But see Clive S. Lennox, Non-audit Fees, Disclosure and Audit Quality, 8 Eur. Acct. Rev. 239, 239 (1999) (suggesting that “when non-audit fees are disclosed, the provision of non-audit services does not reduce audit quality”).
. Dopuch et al., supra note 34, at 86.
. Ralph Frammolino & Jeff Leeds, Andersen’s Reputation in Shreds, L.A. Times, Jan. 30, 2002, at A1.
. See Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, § 201, 116 Stat. 745 (2002).
. See 1 AICPA, Professional Standards: US Auditing Standards § AU 150.02 (AICPA 2008) (2004) available at http://www.aicpa.org/download/members/div/auditsd/au-ou130.pdf. (also (and increasingly) known as “auditing principles generally accepted in the United States,” to reflect appreciation for the differences between U.S. and emerging international standards).
. See Bruce Pounder, Framing the Future: A First Look at FASB’s GAAP Codification, J. of Acct. 40 (2008). I should certainly note, however, that we sit today on the precipice of a revolutionary change in GAAP: codification by the Financial Accounting Standards Board (FASB), expected to take effect by April 2009. Id.
. The history of the various bodies and AICPA committees is tumultuous, and the type of reports that they issue are numerous, but much of the AICPA’s Code of Professional Responsibility are verbatim reproductions of other reports. In the case of GAAS, the codified version is the adoption of Statements of Auditing Standards (“SAS”) reports. The latest version, SAS 95, replaced, inter alia, SAS 1, but remains largely the same. The SAS 95 version has been in effect for audit periods beginning on or after December 15, 2001. The full text of the standards follows:
The general, field work, and reporting standards (the 10 standards) approved and adopted by the membership of the AICPA, as amended by the AICPA Auditing Standards Board (ASB), are as follows:
1. The auditor must have adequate technical training and proficiency to perform the audit.
2. The auditor must maintain independence in mental attitude in all matters relating to the audit.
3. The auditor must exercise due professional care in the performance of the audit and the preparation of the report.
Standards of Field Work
1. The auditor must adequately plan the work and must properly supervise any assistants.
2. The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures.
3. The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.
Standards of Reporting
1. The auditor must state in the auditor’s report whether the financial statements are presented in accordance with generally accepted accounting principles (GAAP).
2. The auditor must identify in the auditor’s report those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period.
3. When the auditor determines that informative disclosures are not reasonably adequate, the auditor must so state in the auditor’s report.
4. The auditor must either express an opinion regarding the financial statements, taken as a whole, or state that an opinion cannot be expressed, in the auditor’s report. When the auditor cannot express an overall opinion, the auditor should state the reasons therefor in the auditor’s report. In all cases where an auditor’s name is associated with financial statements, the auditor should clearly indicate the character of the auditor’s work, if any, and the degree of responsibility the auditor is taking, in the auditor’s report.
1 AIPCA, supra note 41, at AU § 150.02-.03 (citations omitted), available at http://www.aicpa.org/download/members/div/auditstd/au-00150.pdf.
. The “GAAP hierarchy” refers to the varying weight that sources of accounting guidance have under the traditional catchall category of GAAP. While official pronouncements of bodies like the AICPA and SEC are at the highest level, even some of their literature is lower in the hierarchy. The lowest level of the hierarchy—materials that can be relied on in the absence of better guidance—include virtually any secondary source material. Again, this will change in the near future, as GAAP changes to a model of codification, but this is the historical, and current, state of GAAP. See Pounder, supra note 42, at 40.
. Id. at 40.
. See discussion infra at notes 149-159 and accompanying text.
. See, e.g., Richard M. Frankel et al., The Relation Between Auditors’ Fees for Nonaudit Services and Earnings Management, 77 Acct. Rev. 71, 98, 100 (Supp. 2002) (finding positive correlation between nonaudit fees and earnings surprises). But see William R. Kinney, Jr. & Robert Libby, Discussion of The Relation Between Auditors’ Fees for Nonaudit Services and Earnings Management, 77 Acct. Rev. 107, 109-10 (Supp. 2002) (suggesting the class of fees concerning Frankel, et al. was too broad and also criticizing Frankel, et al.’s simplification of relations and incentives as between auditor and client). See generally Roberta Romano, The Sarbanes-Oxley Act and the Making of Qnack Corporate Governance, 114 Yale L.J. 1521, Pt. I.B (2005) (discussing the provision of nonaudit services, introducing and discussing this and other empirical literature from outside law).
. Romano, supra note 47, at 1533.
. Id. at 1535-36.
. In January 2001, for instance, just months before the Enron scandal began to break, an article in the Journal of Accountancy (published by the AICPA), praised the Independence Standard Board’s (ISB) recent “exposure draft for a conceptual framework for auditor independence containing the concepts and basic principles that will guide the board in its standard setting” and explicitly addressed the value of efficiency in auditing:
The goal of independence is “to support user reliance on the financial reporting process and to enhance capital market efficiency.” With this aim, the ISB looks beyond the immediate benefit of the auditor’s independence—unbiased audit decisions—to these broader targets. If standards reduce independence risk slightly but carry unintended consequences that harm the quality of financial reporting or capital market efficiency, they do not serve the public interest.
Susan McGrath et al., A Framework for Auditor Independence: The ISB Lays a Foundation for Future Guidance, 191 J. Acct. 39-41 (2001), available at http://www.journalofaccountancy.com/Issues/2001/Jan/AFrameworkForAuditorIndependence. While market efficiency is different from intra-firm efficiency, they often went hand-in-hand. Just over two and a half years later, another Journal of Accountancy article summarized the impacts of Sarbanes-Oxley, simultaneously bemoaning the loss of availability of certain audit techniques and the restriction of the new independence standards:
New audit approach. To enhance audit efficiency and effectiveness, auditors have in the past used a variety of methods that will no longer be acceptable for integrated audits of public companies . . . .
. . . .
If asked to be involved in a client’s project, an auditor must be careful not to impair his or her independence and objectivity. The SSAE ED [Reporting on an Entity’s Internal Control Over Financial Reporting, an exposure draft of guidance issued by the AICPA] says auditors may help prepare or gather information as long as management directs and takes responsibility for documenting controls in the process, including determining which controls to document. Auditors can help clients understand the process and advise them on how to identify significant accounts, processes and reporting units, as well as how to evaluate controls’ effectiveness. Indeed some auditors give clients electronic templates to ensure entitywide consistency in assessing controls. However, the auditor cannot be the person to determine which accounts or processes are significant, nor accept management’s responsibility to reach conclusions on the effectiveness of the entity’s internal controls; the auditor’s role is to report on management’s conclusions. Similarly, management cannot base its assertion about design and operating effectiveness on the results of the auditor’s tests.
Donald K. McConnell, Jr. & George Y. Banks, How Sarbanes-Oxley will Change the Audit Process: CPAs Will Have to Develop New Procedures and Scrap Some Old Ones, 196 J. Acct. 49, 51, 53-54 (2003), available at http://www.journalofaccountancy.com/Issues/2003/ Sep/HowSarbanesOxleyWillChangeTheAuditProcess.
Additionally, many of the academic articles discussed in Romano, supra note 47, at nn. 39-43 and accompanying text, test or expand on the relationship of efficiency and auditor performance. Moreover, the 2001 view of the ISB regarding the role of auditor independence to capital market efficiency likewise accords with Romano’s position, indicating that audit independence and efficiency are viewed as mutually supportive from both a practical and theoretical perspective. McGrath et al., supra note 50, at 40 (“The goal of independence is ‘to support user reliance on the financial reporting process and to enhance capital market efficiency.’”).
. Whittington & Pany, supra note 21, at 138.
. Id. at 138.
. Id. at 137.
. Inherent risk and detection risk are always stated in words, not numbers, describing the relative risk, thus rendering a numeric representation of audit risk impossible. “Realize, however, that the model expresses general relationships and is not necessarily intended to be a mathematical model to precisely consider the factors that influence audit risk in actual audit situations.” Id. at 139.
. See, e.g., James Shanteau, Competence in Experts: The Role of Task Characteristics, 53 Org. Behav. & Hum. Decision Processes 252, 257-58 (1992) (analyzing a number of professions and finding only auditors’, nurses’, and physicians’ performance to have a bimodal distribution, that is, large numbers of both good and bad performances). See generally Expert Judgment & Expert Systems (Jeryl L. Mumpower et al., eds. 1986).
. See generally Sarah E. Bonner & Barry L. Lewis, Determinants of Auditor Expertise, 28 J. Acct. Res. 1 (Supp. 1990); Pamela Kent et al., Psychological Characteristics Contributing to Expertise in Audit Judgment, 10 Int’l J. Auditing 125 (2006).
. Shanteau, supra note 57, at 256-57.
. Id. (emphasis added).
. Bonner & Lewis, supra note 58, at 2.
. “[T]he general experience variable explained less than 10% of the variance in performance scores. Instead, most of the explanatory power was provided by variables which reflected task-specific training and innate ability.” Id. at 16 (emphasis added).
. Kent et al., supra note 58, at 129.
. See Whittington & Pany, supra note 21, at 139-40.
. See id. at 138.
. See id. at 139.
. See id. at 139-40.
. Id. at 140.
. Id. at 139.
. Which are not always the same. See supra notes 58-62 and accompanying text.
. See infra note 90 and accompanying text (describing agreed-upon procedures).
. Whittington & Pany, supra note 21, at 12, 776.
. See id. at 138, 216.
. See id. at 216.
. Id. at 266.
. See id. at 261-62.
. See id. at 266-67.
. See id.
. See Jonathan Macey, Getting the Word Out About Fraud: A Theoretical Analysis of Whistleblowing and Insider Trading, 105 Mich. L. Rev. 1899, 1899 (2007).
. Id. at 1907-09 (discussing the self-interested motivations of Enron’s so-called whistleblower, Sherron Watkins, concluding that her actions were beneficial, even if limited and born of her own self-interest).
. Whittington & Pany, supra note 21, at 44-46 (stating that the range of possible opinions are unqualified, qualified, adverse, or a disclaimer of opinion, but almost all opinions are, in fact, unqualified); Id. at 690 (stating additionally, a disclaimer may not be used so as to not express an adverse opinion where procedures would lead an auditor to make an adverse conclusion).
. See id. at 41.
. 1 AICPA, supra note 41, at AU § 411.
. Id.; see also Whittington & Pany, supra note 21, at 43.
. 1 AICPA, supra note 41, at AU § 326.
. See Whittington & Pany, supra note 21, at 5.
. Id. at 726-27.
. Id. at 715-16.
. Indeed, under certain conditions, they are compelled to do so.
. Whittington & Pany, supra note 21, at 149.
. 1 AICPA, supra note 41, at AU § 329.
. See id.
. Larcker & Richardson, supra note 20, at 627 (emphasis included).
. Id. at 625.
. See, e.g., Darin Bartholomew, Is Silence Golden When it Comes to Auditing?, 36 J. Marshall L. Rev. 57, 58-59 (2002).
[A] CPA firm acting as both auditor and consultant may be motivated not to report consulting deficiencies observed during the audit, thereby avoiding erosion of its consulting “brand name.” In general, any situation which increases the probability that an auditor will not truthfully report the results of his audit investigation can be viewed as a threat to independence.”
Dan A. Simunic, Auditing, Consulting, and Auditor Independence, 22 J. Acct. Res. 679 (1984). And, to the extent that poor incentives or other impediments to the independence or objectivity of auditors exist, it may itself be a function of the current regulatory regime:
[A]n unintended regulatory consequence of the growth of non-auditing business was to hand audit clients a powerful weapon. As noted, the original regulatory scheme protected auditor independence by requiring disclosure whenever a change in auditor occurred. Thus, if an auditor insisted that financial statements be changed before signing off on them, a corporation would probably listen because if not, the audit firm would publicly resign as auditor. With the growth of consulting services, however, corporations no longer had to either adhere to the auditor’s recommendations or explain why the auditor resigned. Instead, they had a third choice—to threaten to stop buying lucrative non-audit services from the auditor’s firm. Such a threat had teeth since it could be carried out in secret. Changes in non-audit service providers did not need to be revealed.
Amy Shapiro, Who Pays the Auditor Calls the Tune?: Auditing Regulation and Clients’ Incentives, 35 Seton Hall L. Rev. 1029, 1047 (2005) (citations omitted).
. See 1 AICPA, supra note 41, at AU § 329.
. Whittington & Pany, supra note 21, at 149.
. 1 AICPA, supra note 41, at AU § 329.
. Id.; see also Whittington & Pany, supra note 21, at 149.
. Unlike law, where it is common to obtain a license before beginning practice, accountants typically start their careers without one (and many leave public accounting before obtaining one). Even if one has passed the Uniform CPA exam, most states still require practical experience of one to two years before the accountant can be fully certified. AICPA, CPA Certificate and Permit to Practice Requirements, http://www.aicpa.org/download/states/require_pract.pdf.
. See supra notes 97-99 and accompanying text.
. Even if it were to again become acceptable for auditors to perform both “internal” and “external” audit work, there remains an important question, which I do not attempt to answer here, of whether the internal and external audit teams should consist of different staff from the CPA firm.
. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, § 201(a), 116 Stat. 745, 771 (2002) (specifically prohibiting “internal audit outsourcing services” as item (g)(5) of the amendment to Section 10A of the Securities Exchange Act of 1934 (15 U.S.C. 78j-1)).
. It is now an explicit requirement to provide auditors with a fully completed set of financial statements, with a narrow exception for small clients not publicly traded.
. 465 U.S. 805, 817 (1984) (emphasis included).
. Shapiro, supra note 99, at 1031.
. Id. at 1065.
. 1 AICPA, supra note 41, at AU § 312; see also discussion supra note 85 and accompanying text.
. 1 AICPA, supra note 41, at AU § 312.
. Richard A. Oppel, Jr. & Andrew Ross Sorkin, Enron Admits to Overstating Profits by About $600 Million, N.Y. Times, Nov. 9, 2001, at C1, C5.
. Because of their oligopoly power in the market, Andersen may have thought themselves to be unassailable and lost sight of the reputation concerns I have assumed relevant to all audit firms. See Lawrence A. Cunningham, Too Big to Fail: Moral Hazard in Auditing and the Need to Restructure the Industry Before it Unravels, 106 Colum. L. Rev. 1698, 1717-18 (2006) [hereinafter Cunningham, Too Big to Fail].
. See supra Sections I and II.
. See infra Section V.
. See supra Sections I-III.
. See infra Section IV.
. See infra Section V.
. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, 116 Stat. 245 (2002).
. “[I]t shall be unlawful for a registered public accounting firm . . . to provide to that issuer, contemporaneously with the audit, any non-audit service . . .” Id. at § 201(g), 116 Stat. at 771.
. See generally Romano, supra note 47.
. Sarbanes-Oxley Act of 2002 tit. II, Pub. L. No. 107-204, 116 Stat. 745, 771 (2002) (“Auditor Independence”).
. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204 § 201(a), 116 Stat. 745, 771-72 (2002) (amending § 10A of the Securities Exchange Act of 1934, 15 U.S.C. 78j-1).
. See discussion supra notes 25-33 and accompanying text.
. Dale R. Rietberg, Auditor Changes and Opinion Shopping – A Proposed Solution, 22 U. Mich. J. L. Reform 211, 214 (1988).
. See id. at Pt. I.B.
. See, e.g., Peter K. M. Chan, Breaking the Market’s Dependence on Independence: An Alternative to the “Independent” Outside Auditor 9 Fordham J. Corp. & Fin. L. 347, 348 (2004) (advocating a technological reform in auditing by mandating live access to accounting systems by auditors hired directly by investors).
. But see id. at 369.
. See generally Sean M. O’Connor, Be Careful What You Wish For: How Accountants and Congress Created the Problem of Auditor Independence, 45 B.C. L. Rev. 741 (2004) [hereinafter O’Connor, Problem of Independence]; Sean M. O’Connor, Strengthening Auditor Independence: Reestablishing Audits as Control and Premium Signaling Mechanisms, 81 Wash. L. Rev. 525 (2006) [hereinafter, O’Connor, Strengthening Independence].
. “In part, the laws [establishing accounting as the profession licensed to perform mandatory audits] seemed to be an acknowledgement of the ‘arrival’ of accounting as an important profession, in the same league as law and medicine.” O’Connor, Problem of Independence, supra note 134, at 755. I would remind readers, however, that law and medicine were hardly long-distinguished profession in North America in the early half of the twentieth century. The infamous Flexner report was published in 1910 by the Carnegie foundation, detailing the state of medical education at the time—but reforms took decades to implement. See Abraham Flexner, Medical Education in the United States and Canada Bulletin Number Four (1910), available at http://www.carnegiefoundation.org/files/elibrary/flexner_report.pdf. Medical education at the time was primarily a trade school education, lasted two years, and did not require a high school diploma. Flexner recommended, inter alia, a four-year medical education, open only students with at least two years of college prior to medical school. See id. at xi. The effect of these reforms, of course, is not uncontested, but the reforms did eventually elevate and standardize (if not make elite) medical education in the U.S. For a critical account from the midcentury. See generally Reuben A. Kessel, Price Discrimination in Medicine, 1 J. L. & Econ. 20 (1958). For a good overview of legal education’s similar history, see John O. Sonsteng et al., A Legal Education Renaissance: A Practical Approach for the Twenty-First Century, 34 Wm. Mitchell L. Rev. 303 (2007). It was not until the late 1930s that most law schools had adopted the ABA’s standards, which were themselves much more limited than today’s standards. See id. at 328-29.
. 465 U. S. 805 (1984).
. See O’Connor, Problem of Independence, supra note 134, at 755.
. Indeed, audits occurred for many years in the absence of such a requirement. Documentation of formal accounting dates back to at least the ancient Minoans of approximately 1700 B.C. Thomas R. Martin, Ancient Greece: From Prehistoric to Hellenistic Times 24-25 (1996). The first publication on modern accounting was no later than the fifteenth century. Gary John Previts and Barbara Dubis Merino, A History of Accountancy in the United States: The Cultural Significance of Accounting 3-4 (1998). While one could speculate about the earliest forms of auditing accounting records, it is certain that it existed as “public accounting” by no later 1720, in the wake of the South Sea Bubble. Id. at 24-25. Attestation by a third party has long been seen as a signaling mechanism to investors and the public. See Thomas A. King, More Than a Numbers Game: A Brief History of Accounting 67 (2006). See generally O’Connor, Problem of Independence, supra note 134; Sean O’Connor, Strengthening Independence, supra note 134.
. Actuarial services performed by or in coordination with the auditor, for instance, could be quite beneficial to the auditor, providing much greater assurance as to estimates based on actuarial calculations.
. Dupoch et al., supra note 34, at 85. See Curtis L. DeBerg, et al., An Examination of Some Relationships Between Non-Audit Services and Auditor Change, 5 Acct. Horizons 17, 23 (1991) (finding no correlation between non-audit services and auditor change, indicating, weakly, a lack of economic co-dependence between auditor and client). See generally William R. Kinney, Jr., et al., Auditor Independence, Non-Audit Services, and Restatements: Was the U.S. Government Right?, 42 J. Acct. Res. 561 (2004) (finding limited correlation between some services, but none for others); Lennox, supra note 35 (finding that audit quality is not reduced when non-audit fees are voluntarily disclosed to readers of the financial statements); Mark L. DeFond et al., Do Non-Audit Service Fees Impair Auditor Independence? Evidence from Going Concern Audit Opinions, 40 J. Acct. Res. 1247 (2002); Hollis Ashbaugh, et al., Do Nonaudit Services Compromise Auditor Independence? Further Evidence, 78 Acct. Rev. 611 (2003).
. See generally Romano, supra note 47.
. The age-old fallacy is often stated in the Latin, cum hoc ergo propter hoc (with, therefore caused by).
. Larcker and Richardson, supra note 20, at 625-27.
. For an excellent summary and discussion of the debate over independence, see Usha Rodrigues, The Fetishization of Independence, 33 J. Corp. L. 447, 495 (2008) (determining that independence with respect to the transaction is more important than independence from management, but that, ultimately, independence is an over utilized meme in corporate scholarship).
. Compare Donald C. Langevoort, The Human Nature of Corporate Boards: Law, Norms, and the Unintended Consequences of Independence and Accountability, 89 Geo. L. J. 797, 799 (2001), and Jill E. Fisch & Caroline M. Gentile, The Qualified Legal Compliance Committee: Using the Attorney Conduct Rules to Restructure the Board of Directors, 53 Duke L. J. 517, 581-84 (2003).
. The Act requires that “Each member of the audit committee of the issuer shall be a member of the board of directors of the issuer, and shall otherwise be independent.” Sarbanes-Oxley Act of 2002 tit. 111, Pub. L. No. 107-204, § 301, 116 Stat. 745, 775-76 (2002) (emphasis added). The Act also demands increased independence of auditors, precluding non-audit services that might give an auditor an “insider” perspective of the clients operations. Id. at § 201, 116 Stat. at 771-72.
. While Sarbanes-Oxley prohibits non-independent directors as members of the audit committee, it contains no restriction on their membership of the board itself. “Oddly, if Enron survived to this day, it would not have to change its corporate governance structure at all to conform to the requirements of the Sarbanes-Oxley Act . . . .” Jonathan R. Macey, Corporate Governance: Promises Kept, Promises Broken 81 (2008). Even the audit committee at Enron demonstrated “independence that surpassed the then-existing standards of conduct for audit committees.” Id.
. G.E.M. Anscombe, Intention 1 (1957).
. See, e.g., Alan R. Palmiter, Reshaping the Corporate Fiduciary Model: A Director’s Duty of Independence, 67 Tex. L. Rev. 1351, 1461 (1989); see also Rodrigues, supra note 144, at 495, who notwithstanding her critical gaze, is rethinking independence, not advocating its total abandonment.
. See, e.g., Sanjai Bhagat & Bernard Black, The Uncertain Relationship Between Board Composition and Firm Performance, 54 Bus. Law. 921, 955-56 (1999).
. See, e.g., Joshua Ronen, Post-Enron Reform: Financial Statement Insurance, and GAAP Revisited, 8 Stan. J. L. Bus. & Fin. 39, 60-65 (2002); see also Matthew A. Melone, United States Accounting Standards—Rules or Principles? The Devil is Not in the Details, 58 U. Miami L. Rev. 1161, 1174-76 (2004); Federrick Gill, Principles-Based Accounting Standards, 28 N.C. J. Int’ l. & Com. Reg. 967, 967 (2003); Anthony J. Luppino, Stopping the Enron End-Runs and Other Trick Plays: The Book-Tax Accounting Conformity Defense, 2003 Colum. Bus. L. Rev. 35, 189-90 (2003). But see Lawrence A. Cunningham, A Prescription to Retire the Rhetoric of “Principles-Based Systems” in Corporate Law, Securities Regulation, and Accounting, 60 Vand. L. Rev. 1411, 1412-13 (2007) [hereinafter Cunningham, “Principles-Based Systems”] (arguing that the rules-based versus principles-based accounting systems “classifications are too crude to describe or guide the design of corporate law, securities regulation, or accounting systems.”).
. “On November 15[, 2007], the SEC voted unanimously to stop requiring foreign companies that use IFRS [International Financial Reporting Standards] to re-issue their financials in GAAP for American investors . . . Institutional investors, buying record numbers of shares through Rule 144A offerings that require no conversion, have made it abundantly clear that they have no need for GAAP in valuing companies.” Closing the GAAP, Wall St. J., Dec. 12, 2007, at A18.
. Cunningham, “Principles-Based Systems,” supra note 151, at 1415.
. “The contention is that general principles such as UK GAAP that require auditors to report a ‘true and fair view’ of an enterprise are preferable to the over-specified U.S. model, and that the U.S. model encourages corporate officers to view accounting rules as analogous to the Tax Code.” Ronen, supra note 151, at 60.
. Thus “increasing uniformity also decreases the flexibility of management in making accounting choices, and hence limits its ability to signal expectations about the prospects of the company that are not shared by the public.” Id. at 62.
. “Restricting his choice to a single method or even to a specific menu of such methods limits his ability to convey truthful information if he has incentives to do so.” Id.
. Cunningham, “Principles-Based Systems,” supra note 151, at 1418-19.
. Id. at 1413.
. Id. at 1424.
. Since internal auditors are employees of the entity audited, they cannot be “independent,” but they must be “objective,” a standard analogous to independence. See Whittington and Pany, supra note 21, at 88-90 (discussing ethics for internal auditors).
. A directors’ duties may be strong, but they are context-dependent and allow for a great deal of discretion, too. Compare Smith v. Van Gorkom, 488 A.2d 858, 864 (Del. 1985) (holding, inter alia, that “the Board did not deal with complete candor with the stockholders by failing to disclose all material facts, which they knew or should have known, before securing the stockholders’ approval of the merger”) with Brehm v. Eisner, 746 A.2d 244, 258-59 (Del. 2000) (en banc) (holding that the board’s approval of Michael Ovitz’ employment agreement was a valid exercise of business judgment, even in light of charges that board members “did not avail themselves of all material information reasonably available” in making that decision); see also Rodrigues, supra note 144, at 447 (discussing the contextual nature of Delaware’s development of law about the independence of boards).
. This, too, is a source of great debate. A 2007 study of over 20,000 directors at over 3,200 companies “found that overall, median total compensation for individual U.S. board members was just over $100,000.” Martha Graybow, Female U.S. Corporate Directors Out-Earn Men: Study, Reuters, Nov. 7, 2007, available at http://www.reuters.com/article/domesticNews /idUSN0752118220071107?sp=true. “More than 80 directors earned more than $1 million in total compensation for a single board seat,” and, while “[d]irector pay is typically far below what top corporate executives are awarded, . . . . [a]ctivist shareholders say that director pay does need to remain in check because the role is basically a part-time job.” Id.
. Gatekeepers are professionals that serve in intermediate capacities between firms and their investors, including attorneys and CPAs. See John C. Coffee, Jr., Gatekeepers: The Professions and Corporate Governance 1-2 (2006).
. The U.S. Supreme Court has used the word “certified,” though without elaborating on the meaning. See United States v. Arthur Young & Co., 465 U.S. 805, 817 (1984). However, this certainly is not the way auditors see their role. See supra notes 83-88 and accompanying text (describing the limited nature of assurance provided by auditors and the assertions management is making about the financial statements).
. Auditors are but a specific case of the principle-agent problem, most often discussed in the case of management as agents: “This arrangement [of client-paid auditors] creates an inherent conflict of interest that is endemic to the relation between the client (the principal) and the auditor (the agent).” Ronen, supra note 151, at 47.
. Richard Waters & Adrian Michaels, Accountancy Put Back Under the Spotlight, Financial Times, Nov. 10, 2001, at 20.
. See supra Section 1.
. Whittington & Pany, supra note 21, at 39.
. A review is also an assurance function provided by CPAs, but it is far less comprehensive than an audit. Substantive tests are generally not part of a review and, if they are performed, it is typically only because of irregularities spotted as part of analytical procedures. In most reviews, after the client provides the CPA with the financial statements, management is asked questions, mostly about internal control, and the CPA performs some analytical procedures. While irregularities will result in additional procedures, this is not the norm for a review.
. Audits were traditionally a source of information and signaled quality, but government-mandated audits have changed their meaning fundamentally:
In combination with the lack of accountability created by the limited liability partnership (LLP) and the regulatory commodification of audits, this flaw [that “the modern accounting industry operates more like a business than a profession”] has led to a market in which audits are bought and sold. As a consequence, audits no longer serve the economic purpose—providing information that protects investors and leads to efficient pricing of securities—that they once served.
Jonathan Macey & Hillary A. Sale, Observations on the Role of Commodification, Independence, and Governance in the Accounting Industry, 48 Vill. L. Rev. 1167, 1167 (2003). See generally O’Connor, Strengthening Independence, supra note 134.
. See Macey, supra note 14, at 332.
. “FSI removes auditors from capture and conflict risks inherent in their relationship with management by putting them in the employ of independent insurers with vested interests in quality financial reporting more closely aligned with investor interests.” Lawrence A. Cunningham, Choosing Gatekeepers: The Financial Statement Insurance Alternative to Auditor Liability, 52 UCLA L. Rev. 413, 415 (2004) [hereinafter Cunningham, FSI Alternative].
. Cunningham, Too Big to Fail, supra note 117, at 1738.
. On a very practical note (and in an effort to preserve the careers of my fellow and aspiring CPAs), I should offer this prophylactic prescription for licensing requirements: For those few states that still require public accounting experience (instead of any accounting experience), they should be encouraged to include FSI companies’ auditors as having “substantially equivalent” experience. I certainly do not intend for FSI to hurt CPAs, even while FSI could result in some of the most dramatic changes ever in assurance services practice.
. Macey, supra note 14, at 332.
. Id. at 339.
. “Weaknesses in the system were laid bare, including ratings that did not accurately reflect risk and faulty assumptions on how diversified pools with multiple layers of leverage would react.” Jenny Anderson & Heather Timmons, Why a U.S. Subprime Mortgage Crisis Is Felt Around the World, N.Y. Times, Aug. 31, 2007, at C1, available at http://www.nytimes.com /2007/08/31/business/worldbusiness/31derivatives.html.
. Qualified or “except-for” opinions are sometimes issued, but not frequently, and generally under extremely limited circumstances. See Whittington & Pany, supra note 21, at 685. They are certainly not desirable, where as a “B” on an A-F scale, or an 85% score might well be.
. EMH maintains that stock prices account for information already known, suggesting that outperforming the market is not consistently possible based on information know by others in the market. The most famous modern statement of this theory is Eugene F. Fama’s Efficient Capital Markets: A Review of Theory and Empirical Work, 25 J. Fin. 383, 383 (1970) (discussing efficiency as either weak, semi-strong, or strong in various contexts).
. See generally Lawrence A. Cunningham, A Model Financial Statement Insurance Act, 11 Conn. Ins. L. J. 69 (2004) (offering specific guidance as to many of these problems).
. See generally Macey, supra note 14 (discussing intermediaries in the context of Enron); see also Anderson & Timmons, supra note 177 (discussing the problems in risk ratings of subprime mortgage backed securities).
. “FSI removes auditors from capture and conflict risks.” Cunningham, Choosing Gatekeepers, supra note 172, at 415.
. See generally Ronen, supra note 151. Cunningham builds on Ronen’s work, calling his own work “a substantially modified, reinterpreted, and extended version of that sketched” by Ronen. Cunningham, Choosing Gatekeepers, supra note 172, at 416, n.4.
. Ronen, supra note 151, at 48.
. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, §201(a), 116 Stat. 771-72 (codified at 15 U.S.C. § 78j-1) (prohibiting the performance of both external and internal auditing by the same firm).
. Or “quack corporate governance” “legislating away a nonproblem,” to again use Roberta Romano’s words. Romano, supra note 47, at 1535-36.
. See O’Conner, Problem of Independence, supra note 134, at 754-55.