The Council of Securities Regulators of the Americas ("COSRA")
supports full and fair disclosure of information about public
enterprises, including presentation of financial information.
Full and fair disclosure is essential to investor protection,
enhances investor confidence, and promotes market liquidity and
Independent auditors play a critical role in enhancing the reliability
of financial information by attesting as to whether the financial
statements prepared by management fairly present the financial
condition and past performance of the public enterprise in compliance
with accepted standards. Audits should be conducted in accordance
with a comprehensive body of high quality auditing standards.
To improve the quality and oversight of financial information
reported by public enterprises, COSRA members studied mechanisms
to enhance oversight of independent auditors. In this sense,
COSRA members determined that to effectively oversee independent
auditors, an oversight framework would require the following components:
- Qualifications: ensuring that independent auditors
are properly qualified and required to maintain professional competence;
- Independence: ensuring that auditors are independent
in fact and appearance from the enterprises that they audit;
- Oversight: monitoring compliance with applicable laws, regulations and standards imposed by self-regulatory or professional organizations and/or government authorities; and
- Enforcement and Sanctions: enforcing laws, regulations
and standards governing the activities of independent auditors.
The principles set forth herein are intended to assist securities
market regulatory authorities in developing and enhancing legal
and regulatory structures for the oversight of independent auditors.
The adoption of mechanisms to implement these principles will
vary and depend on regulatory structures in each jurisdiction.
These principles complement COSRA's "Framework for Full
and Fair Disclosure in the Americas" (1994) and the "Declaration
on Combatting Bribery in the Americas" (1996). COSRA members
recognize that it is essential that regulators work with the auditing
profession in order to develop and implement mechanisms to effectively
oversee independent auditors. These efforts will also need to
be enhanced by cooperation between regulators and industry to
increase the public's knowledge of auditing.
1. Qualifications: Auditors of public enterprises should
be required to have proper qualifications and competency before
being licensed to perform audits, and to take steps to maintain
Requiring qualifications for auditors ensures that they have
proper competency. Having qualified professionals audit public
enterprises' financial statements will improve financial reporting
and enhance investor confidence that the underlying financial
statements include full and fair disclosure.
Proper qualification of independent auditors can be established
a number of ways. For example, the qualification process should
involve concentration in accounting and auditing at the university
level or through a similarly accredited professional body. In
addition, establishing a set period of minimum professional experience
is useful in training auditors. A test for proficiency should
be required before a license is obtained. If specialties in
specific areas of auditing (e.g. financial services, taxation)
are recognized, consideration might also be given to testing or
requiring experience to ensure reasonable competence in such areas.
Given the speed with which business changes and the need for
auditors to ensure that their skills are up-to-date, consideration
also should be given to a requirement that auditors undertake
periodic continuing professional education programs, as well as
other means to maintain professional competence.
Establishing qualification requirements and requiring maintenance
of professional competency will help maintain and enhance the
level of expertise of auditors. Moreover, the risk that authorization
can be revoked for failure to have or maintain the necessary qualification
provides an incentive for compliance and adherence to auditing
2. Independence: Auditors of public enterprises should
be required to be independent of the enterprises that they audit.
The condition of auditor independence must be met both in fact
and appearance and be assessed regularly.
Auditor independence is essential to the process of providing
an objective, unbiased review of management's representations
in an enterprise's financial statements. The auditor's opinion
on the financial statements of public enterprises will be relied
upon by a range of interested parties, including both existing
and potential shareholders, underwriters, investment advisers,
creditors, employees, and government agencies to make decisions.
The public perception of the credibility of the independent auditor's
role is a matter of concern to regulators and the profession,
because a lack of public confidence could compromise the reputation
for objectivity and independence that should be the hallmark of
Certain restrictions on the client relationship are particularly
critical to ensuring the auditor's independence from the client.
The relationship between auditors and the enterprises they audit
should be strictly professional, in particular when it comes to
hiring, monitoring the progress of work, and discussing technical
issues which may arise. The benefits from extending the auditor's
relationship with an enterprise must constantly be balanced against
the possible risks of compromising both the auditor's independence
and the safeguards which are in place.
Common techniques imposed by regulators, the auditing profession,
or the auditing firm to ensure independence include prohibitions
on financial interests or shareholdings in a client enterprise,
prohibitions on indebtedness to a client enterprise, and periodic
rotation of auditors or rotation of personnel within the firm
auditing the same enterprise. Regulators and the profession could
provide further guidance by formulating examples of specific fact
scenarios and a conclusion as to whether an auditor would be considered
independent under the circumstances, and helping to clarify the
boundaries that should be observed by auditors while performing
audits of public enterprises.
Another possible mechanism to ensure independence is to examine
whether a particular set of circumstances creates a dependency
on the part of the auditor that appears to bias the audit of
a client enterprise. For example, if an auditor has only one
or two major clients, that may create an excessively close relationship
or dependency on those clients, and additional steps should be
taken to ensure independence.
As the auditing profession adapts to the changing needs of businesses,
ensuring auditor independence will be an increasingly important
and challenging task. In order to achieve this goal, regulators
should work together with the professional association and have
the necessary expertise to recognize new situations which represent
conflicts of interest for the auditors.
3. Oversight: Self-regulatory or professional organizations
may exercise, directly or indirectly, oversight responsibility
for the development and implementation of auditing standards,
as well as ethical standards. A government authority should
have the ability to exercise authority over audits of public enterprises.
An effective oversight system should promote the fair presentation
of financial information provided by public enterprises. To achieve
this goal, there should be mechanisms for imposing responsibility
and accountability on auditors.
A system of shared oversight responsibility can be pictured as
a pyramid. The bottom tier is comprised of auditors and auditing
firms, which are members of self-regulatory or professional organizations
that have established membership standards. The second tier consists
of the self-regulatory or professional organization. At the top
of the pyramid, oversight authority rests with the government
In such a system, the first level of oversight should be conducted
by the auditing firms themselves. These firms are responsible
for training and educating their employees, updating them on applicable
laws, regulations, and rules of their self-regulatory or professional
organization (including auditing standards and standards of professional
conduct), and supervising their activities. Firms' accountability
for the actions of their employees creates an incentive for them
to oversee and supervise their staff.
At the next level, the self-regulatory or professional organization
should develop auditing rules or standards; carry out the purposes
of governing laws, regulations, and self-regulatory or professional
organization rules; enforce compliance by its members and persons
associated with its members with those laws, regulations and rules
and impose appropriate sanctions for noncompliance; and encourage
cooperation with government authorities to enhance oversight.
The self-regulatory or professional organization may also be
responsible for developing and administering a proficiency examination
to be given to those persons seeking a license to practice auditing.
In some cases, however, the governmental authority may perform
this function. The self-regulatory or professional organization
should treat all members or applicants for membership in a fair
and consistent manner, and assure a fair representation of members
in selection of its directors and administration of its affairs.
The government authority is the top level of the pyramid. To
ensure an effective balance of public and industry interests,
the government authority should retain the power to direct, when
necessary, the self-regulatory or professional organization toward
more effective oversight. The government authority should also
have the power and the expertise required to carry out the purposes
of governing laws and regulations. The government authority should
monitor the quality of the self-regulatory or professional organization's
performance, which may include the establishment of a mechanism
for reviewing and/or approving the rules or standards of self-regulatory
or professional organizations.
A system for oversight may be enhanced by establishing and maintaining
an official liaison between the government authority and the self-regulatory
or professional organization.
COSRA members have also identified several mechanisms to enhance
the ability of self-regulatory or professional organizations and
government authorities to oversee independent auditors, including
peer review, audit committees, and the mandatory notification
of changes of auditors.
Peer review involves an auditing firm subjecting itself to a
review by another independent auditing firm or by a self-regulatory
or professional organization. The objective of a peer review
is to ensure that auditing firms auditing the financial statements
of public enterprises have adequate quality control systems in
place. Procedures followed in conducting a peer review typically
include: reviewing the firm's quality control for its auditing
practice; testing the firm's compliance with that control system;
and reporting on whether the firm's quality control system conforms
with the appropriate professional standards. The peer review
process should be subject to oversight by the applicable self-regulatory
or professional body, government authority, or some combination
An audit committee is a sub-committee of the main board of directors
of a public enterprise. Audit committees typically review possible
conflict of interest transactions which might include conflicts
of interest with respect to the independent auditors. Typical
functions of audit committees include: recommending the hiring
of an independent auditor to the board of directors; reviewing
the scope of the annual audit; reviewing with independent auditors
corporate accounting practices and policies; recommending to whom
within the enterprise audit reports should be submitted; reviewing
with internal and independent auditors overall accounting and
financial controls; and being available to the independent auditors
during the year for consultation purposes. It is preferable that
the audit committee be composed of non-executive members with
Mandatory notification of changes of auditors is designed to
discourage public enterprises from engaging in "opinion shopping"
for auditors willing to support particular accounting treatments,
including those that might not represent reliable reporting.
Regulators may require public enterprises to report changes in
auditors promptly, and may also require a statement from the enterprise
as to whether during a certain period of time prior to the change,
there were any disagreements with the former auditor on any matter
relating to accounting principles or practices, financial statement
disclosure, or auditing scope or procedure. Information also
should be provided as to whether the disagreements were resolved
to the former auditor's satisfaction. Auditors may also be required
to notify regulators of the cessation of a client-auditor relationship
with a public enterprise.
COSRA members may also wish to consider additional mechanisms.
For example, if there is a reason to believe that an audit is
inadequate, an additional audit from another firm could be solicited.
4. Enforcement and Sanctions: A strong enforcement program that includes a range of sanctions for non-compliance is necessary to effectively oversee independent auditors.
A strong enforcement program will have a positive influence on
the practices of independent auditors with respect to hiring,
staffing, training, quality control, and acceptance of clients.
In addition, making information about specific proceedings available
to the public will enhance their deterrent effect. The ultimate
beneficial consequence of an effective enforcement program will
be a more vigorous profession, a stronger self-regulatory or professional
organization, and increased confidence by those persons who rely
on the financial statements of public enterprises and reports
produced by the auditing firms.
In order to provide an effective compliance mechanism, COSRA
members considered the importance of sanctions. A range of sanctions
should be available to be imposed on auditors (including auditing
firms as well as individual auditors) by self-regulatory or professional
organizations, securities regulators, and, where necessary, judicial
authorities, such as those described below:
- monetary sanctions;
- disqualification from serving in certain capacities in the market;
- suspension, limitation on activity, or revocation of authorization;
- proscriptions against further non-compliance.
Having access to trained investigators with an expertise in accounting
and auditing to analyze allegations of violations and pursue sanctions
may enhance the regulator's ability to undertake successful enforcement
actions. In addition, ensuring that regulators have sufficient
legal authority to obtain relevant information from any person
in the regulator's jurisdiction, as well as the ability to obtain
and provide enforcement cooperation to foreign counterparts will
enhance enforcement efforts.