The Integrity News
Vol. XIII No. 16
'objective risk management services"
November 30, 2004
We have received numerous calls from our public
company ( issuer ) clients inquiring about what the
"Sarbanes-Oxley Act of 2002" ( SOX ) means to
their programs for background checking.
Please note in the following that it would be advisable
for issuers, companies thinking of becoming issuers,
and companies that may be acquired by issuers, to
understand what is currently required, and what may
Starting with calls to the Special Counsel, Division of
Corporation Finance of the Securities and Exchange
Commission (SEC), we were eventually referred to
the Public Company Accounting Oversight Board
(PCAOB) that was created under Section 105 of SOX.
There, we found that our questions would be answered
by the attorney who is the ethics officer for the PCAOB.
SOX directs the PCAOB "to establish, by rule, fair
procedures for the investigation and discipline of
registered public accounting firms and associated
persons of such firms". Section 103 of SOX "directs
the PCAOB to establish auditing and related attestation,
quality control, ethics, and independence standards and
rules to be used by registered public accounting firms
in the preparation and issuance of audit reports".
Further, SOX "grants the PCAOB broad investigative
and disciplinary authority over registered public
accounting firms and persons associated with such firms".
Hence, the PCAOB was created to register and monitor
public accounting firms and those firms are now known
as U.S. Public Accounting Firms. Those registered firms
are the ONLY firms that can audit issuers. The audit
guidelines for those audit firms are the "effective"
rules --- that is, the PCAOB rules that have been
adopted by the PCAOB and approved by the SEC.
It is important to recognize that SOX was passed "to
oversee the auditors of public companies in order to
protect the interests of investors and further the public
interest in the preparation of informative, fair, and
independent audit reports".
Thus, the program is for the SEC via the PCAOB to
ride herd on the audit firms and provide them with the
audit rules so that they, the audit firms, can then ride
herd on the issuers.
With the above in mind, when we were asked to submit
our question in writing to the PCAOB, we submitted
the following: "With regard to background checks,
what RULES are the audit firms being told by the
PCAOB to adhere to in this regard when auditing their
public company clients ?"
We went on to say that "Our public company clients
will do what is necessary to comply with both the
letter and the intent of an audit. However, in the event
that the background checking expected by the audit
firms, for the CEO and below, is greater than their
current in-house standards, how do they know what
they should be doing ? They would like to have us
be able to tell them the rules for audit-acceptable
background checking procedures. We need to get
those rules from the PCAOB."
The answer was that as of 11/24/04, there is no
PCAOB rule that directs audit firms on how to audit
public company background checking procedures.
However, before one interprets that as possibly
meaning that background checking is not important
to audits, realize that the PCAOB ethics officer said
that the long-standing Section 21(d)(2) of the Exchange
Act already addresses this issue.
The ethics officer also said that "any rules on this
subject in the future would appear on the PCAOB
website". So, it would be wise for those responsible
for background checking to become familiar with
Government officials responsible for uncovering fraud
and the financing of terrorist acts will always tend toward
being cautious. Likewise, audit firms, being monitored
by the PCAOB, will be cautious too --- and likely err
on the side of requiring more, rather than less, background
information. You must make a serious effort to keep
undesirable individuals out of your operations.
You can get the most recent information that we have
on SOX and other topics, including state-of-the-art HR
automation technology, by calling
The Integrity Center, Inc.
at (972) 484-6140.
Helping you with your Risk Management and HR Automation is what we do.