PRINCIPLES FOR OVERSIGHT OF INDEPENDENT AUDITORS

PREAMBLE

The Council of Securities Regulators of the Americas ("COSRA") supports full and fair disclosure of information about public enterprises, including presentation of financial information. Full and fair disclosure is essential to investor protection, enhances investor confidence, and promotes market liquidity and efficiency.

Independent auditors play a critical role in enhancing the reliability of financial information by attesting as to whether the financial statements prepared by management fairly present the financial condition and past performance of the public enterprise in compliance with accepted standards. Audits should be conducted in accordance with a comprehensive body of high quality auditing standards.

To improve the quality and oversight of financial information reported by public enterprises, COSRA members studied mechanisms to enhance oversight of independent auditors. In this sense, COSRA members determined that to effectively oversee independent auditors, an oversight framework would require the following components:

- Qualifications: ensuring that independent auditors are properly qualified and required to maintain professional competence;

- Independence: ensuring that auditors are independent in fact and appearance from the enterprises that they audit;

- Oversight: monitoring compliance with applicable laws, regulations and standards imposed by self-regulatory or professional organizations and/or government authorities; and

- Enforcement and Sanctions: enforcing laws, regulations and standards governing the activities of independent auditors.

The principles set forth herein are intended to assist securities market regulatory authorities in developing and enhancing legal and regulatory structures for the oversight of independent auditors. The adoption of mechanisms to implement these principles will vary and depend on regulatory structures in each jurisdiction. These principles complement COSRA's "Framework for Full and Fair Disclosure in the Americas" (1994) and the "Declaration on Combatting Bribery in the Americas" (1996). COSRA members recognize that it is essential that regulators work with the auditing profession in order to develop and implement mechanisms to effectively oversee independent auditors. These efforts will also need to be enhanced by cooperation between regulators and industry to increase the public's knowledge of auditing.

1. Qualifications: Auditors of public enterprises should be required to have proper qualifications and competency before being licensed to perform audits, and to take steps to maintain professional competence.

Requiring qualifications for auditors ensures that they have proper competency. Having qualified professionals audit public enterprises' financial statements will improve financial reporting and enhance investor confidence that the underlying financial statements include full and fair disclosure.

Proper qualification of independent auditors can be established a number of ways. For example, the qualification process should involve concentration in accounting and auditing at the university level or through a similarly accredited professional body. In addition, establishing a set period of minimum professional experience is useful in training auditors. A test for proficiency should be required before a license is obtained. If specialties in specific areas of auditing (e.g. financial services, taxation) are recognized, consideration might also be given to testing or requiring experience to ensure reasonable competence in such areas.

Given the speed with which business changes and the need for auditors to ensure that their skills are up-to-date, consideration also should be given to a requirement that auditors undertake periodic continuing professional education programs, as well as other means to maintain professional competence.

Establishing qualification requirements and requiring maintenance of professional competency will help maintain and enhance the level of expertise of auditors. Moreover, the risk that authorization can be revoked for failure to have or maintain the necessary qualification provides an incentive for compliance and adherence to auditing standards.

2. Independence: Auditors of public enterprises should be required to be independent of the enterprises that they audit. The condition of auditor independence must be met both in fact and appearance and be assessed regularly.

Auditor independence is essential to the process of providing an objective, unbiased review of management's representations in an enterprise's financial statements. The auditor's opinion on the financial statements of public enterprises will be relied upon by a range of interested parties, including both existing and potential shareholders, underwriters, investment advisers, creditors, employees, and government agencies to make decisions. The public perception of the credibility of the independent auditor's role is a matter of concern to regulators and the profession, because a lack of public confidence could compromise the reputation for objectivity and independence that should be the hallmark of the profession.

Certain restrictions on the client relationship are particularly critical to ensuring the auditor's independence from the client. The relationship between auditors and the enterprises they audit should be strictly professional, in particular when it comes to hiring, monitoring the progress of work, and discussing technical issues which may arise. The benefits from extending the auditor's relationship with an enterprise must constantly be balanced against the possible risks of compromising both the auditor's independence and the safeguards which are in place.

Common techniques imposed by regulators, the auditing profession, or the auditing firm to ensure independence include prohibitions on financial interests or shareholdings in a client enterprise, prohibitions on indebtedness to a client enterprise, and periodic rotation of auditors or rotation of personnel within the firm auditing the same enterprise. Regulators and the profession could provide further guidance by formulating examples of specific fact scenarios and a conclusion as to whether an auditor would be considered independent under the circumstances, and helping to clarify the boundaries that should be observed by auditors while performing audits of public enterprises.

Another possible mechanism to ensure independence is to examine whether a particular set of circumstances creates a dependency on the part of the auditor that appears to bias the audit of a client enterprise. For example, if an auditor has only one or two major clients, that may create an excessively close relationship or dependency on those clients, and additional steps should be taken to ensure independence.

As the auditing profession adapts to the changing needs of businesses, ensuring auditor independence will be an increasingly important and challenging task. In order to achieve this goal, regulators should work together with the professional association and have the necessary expertise to recognize new situations which represent conflicts of interest for the auditors.

3. Oversight: Self-regulatory or professional organizations may exercise, directly or indirectly, oversight responsibility for the development and implementation of auditing standards, as well as ethical standards. A government authority should have the ability to exercise authority over audits of public enterprises.

An effective oversight system should promote the fair presentation of financial information provided by public enterprises. To achieve this goal, there should be mechanisms for imposing responsibility and accountability on auditors.

A system of shared oversight responsibility can be pictured as a pyramid. The bottom tier is comprised of auditors and auditing firms, which are members of self-regulatory or professional organizations that have established membership standards. The second tier consists of the self-regulatory or professional organization. At the top of the pyramid, oversight authority rests with the government authority.

In such a system, the first level of oversight should be conducted by the auditing firms themselves. These firms are responsible for training and educating their employees, updating them on applicable laws, regulations, and rules of their self-regulatory or professional organization (including auditing standards and standards of professional conduct), and supervising their activities. Firms' accountability for the actions of their employees creates an incentive for them to oversee and supervise their staff.

At the next level, the self-regulatory or professional organization should develop auditing rules or standards; carry out the purposes of governing laws, regulations, and self-regulatory or professional organization rules; enforce compliance by its members and persons associated with its members with those laws, regulations and rules and impose appropriate sanctions for noncompliance; and encourage cooperation with government authorities to enhance oversight. The self-regulatory or professional organization may also be responsible for developing and administering a proficiency examination to be given to those persons seeking a license to practice auditing. In some cases, however, the governmental authority may perform this function. The self-regulatory or professional organization should treat all members or applicants for membership in a fair and consistent manner, and assure a fair representation of members in selection of its directors and administration of its affairs.

The government authority is the top level of the pyramid. To ensure an effective balance of public and industry interests, the government authority should retain the power to direct, when necessary, the self-regulatory or professional organization toward more effective oversight. The government authority should also have the power and the expertise required to carry out the purposes of governing laws and regulations. The government authority should monitor the quality of the self-regulatory or professional organization's performance, which may include the establishment of a mechanism for reviewing and/or approving the rules or standards of self-regulatory or professional organizations.

A system for oversight may be enhanced by establishing and maintaining an official liaison between the government authority and the self-regulatory or professional organization.

COSRA members have also identified several mechanisms to enhance the ability of self-regulatory or professional organizations and government authorities to oversee independent auditors, including peer review, audit committees, and the mandatory notification of changes of auditors.

Peer review involves an auditing firm subjecting itself to a review by another independent auditing firm or by a self-regulatory or professional organization. The objective of a peer review is to ensure that auditing firms auditing the financial statements of public enterprises have adequate quality control systems in place. Procedures followed in conducting a peer review typically include: reviewing the firm's quality control for its auditing practice; testing the firm's compliance with that control system; and reporting on whether the firm's quality control system conforms with the appropriate professional standards. The peer review process should be subject to oversight by the applicable self-regulatory or professional body, government authority, or some combination thereof.

An audit committee is a sub-committee of the main board of directors of a public enterprise. Audit committees typically review possible conflict of interest transactions which might include conflicts of interest with respect to the independent auditors. Typical functions of audit committees include: recommending the hiring of an independent auditor to the board of directors; reviewing the scope of the annual audit; reviewing with independent auditors corporate accounting practices and policies; recommending to whom within the enterprise audit reports should be submitted; reviewing with internal and independent auditors overall accounting and financial controls; and being available to the independent auditors during the year for consultation purposes. It is preferable that the audit committee be composed of non-executive members with appropriate experience.

Mandatory notification of changes of auditors is designed to discourage public enterprises from engaging in "opinion shopping" for auditors willing to support particular accounting treatments, including those that might not represent reliable reporting. Regulators may require public enterprises to report changes in auditors promptly, and may also require a statement from the enterprise as to whether during a certain period of time prior to the change, there were any disagreements with the former auditor on any matter relating to accounting principles or practices, financial statement disclosure, or auditing scope or procedure. Information also should be provided as to whether the disagreements were resolved to the former auditor's satisfaction. Auditors may also be required to notify regulators of the cessation of a client-auditor relationship with a public enterprise.

COSRA members may also wish to consider additional mechanisms. For example, if there is a reason to believe that an audit is inadequate, an additional audit from another firm could be solicited.

4. Enforcement and Sanctions: A strong enforcement program that includes a range of sanctions for non-compliance is necessary to effectively oversee independent auditors.

A strong enforcement program will have a positive influence on the practices of independent auditors with respect to hiring, staffing, training, quality control, and acceptance of clients. In addition, making information about specific proceedings available to the public will enhance their deterrent effect. The ultimate beneficial consequence of an effective enforcement program will be a more vigorous profession, a stronger self-regulatory or professional organization, and increased confidence by those persons who rely on the financial statements of public enterprises and reports produced by the auditing firms.

In order to provide an effective compliance mechanism, COSRA members considered the importance of sanctions. A range of sanctions should be available to be imposed on auditors (including auditing firms as well as individual auditors) by self-regulatory or professional organizations, securities regulators, and, where necessary, judicial authorities, such as those described below:

- censure;

- monetary sanctions;

- disqualification from serving in certain capacities in the market;

- suspension, limitation on activity, or revocation of authorization; and

- proscriptions against further non-compliance.

Having access to trained investigators with an expertise in accounting and auditing to analyze allegations of violations and pursue sanctions may enhance the regulator's ability to undertake successful enforcement actions. In addition, ensuring that regulators have sufficient legal authority to obtain relevant information from any person in the regulator's jurisdiction, as well as the ability to obtain and provide enforcement cooperation to foreign counterparts will enhance enforcement efforts.



E-Mail: intl@cvm.gov.br