Summary: This report responds to Representative John Dingell's request that GAO update our February 4, 2000, report on reporting under Section 10A of the Securities Exchange Act of 1934. Section 10A requires reporting to the Securities and Exchange Commission (SEC) when, during the course of a financial audit, an auditor detects likely illegal acts that have a material impact on the financial statements and appropriate remedial action is not being taken by management or the board of directors. In addition to reporting on the number of Section 10A reports submitted to the SEC and the status of SEC actions pertaining to Section 10A reports, we also agreed with Rep. Dingell's office to report on the current initiatives by the accounting profession pertaining to the auditor's responsibility for detecting fraudulent financial reporting. On October 1, 2002, we briefed his office on the number of Section 10A reports submitted to the SEC since our last report. This report responds to his February 25, 2003, request that we update that work, which we have updated to reflect Section 10A reports submitted to the SEC through May 15, 2003.
The Section 10A reporting requirements first became effective for fiscal years beginning on or after January 1, 1996. Since our February 2000 report, the SEC has received an additional 23 10A letters, bringing the total received since the requirement was implemented through May 15, 2003, to 29. Of the 29 SEC registrants named in the reports, 10 are currently subjects of active SEC enforcement investigations, 8 have had actions brought against them by the SEC, and 11 of the Section 10A reports were closed without formal action being taken by the SEC. According to SEC officials, all Section 10A reports are investigated. In some instances, the SEC took no formal action. However, the registrants, as a result of discussions with the SEC, took remedial action that the SEC found satisfactory. Through May 15, 2003, the SEC had filed seven actions against auditors for alleged violations of Section 10A for failing to report likely illegal acts materially impacting on a company's financial statements. Six of these cases have been settled with the majority of the auditors agreeing to suspensions from practicing before the SEC for periods ranging from 1 to 10 years. The remaining case was filed in January 2003 and is currently in litigation. In 2002, the American Institute of Certified Public Accountants (AICPA) issued a new audit standard for detecting fraud, Statement on Auditing Standards (SAS) 99: Consideration of Fraud in a Financial Statement Audit. The AICPA believes SAS 99 will substantially change auditor performance, thereby improving the likelihood that auditors will detect material misstatements in financial statements due to fraud by placing an increased focus on exercising professional skepticism throughout the audit. The new standard calls for auditors in planning and performing the audit to identify and consider risks of material misstatement due to fraud through brainstorming among audit team members, inquiring of management, performing analytical procedures, considering inappropriate reporting of revenue and management override of internal controls, evaluating internal controls that address the identified risks of fraud, and assessing throughout the audit and at the completion of the audit the risk of fraud based on the results of auditing procedures. The new standard also requires auditors to communicate about fraud to management, the audit committee, and others, and to document the auditors' consideration of fraud. SAS 99 has been adopted on an interim basis by the Public Company Accounting Oversight Board (PCAOB) for audits of public companies registered with the PCAOB. However, upon completion of its review of SAS 99, the PCAOB may modify, repeal, replace or adopt permanently the standard for audits of registered public companies. The Sarbanes-Oxley Act of 2002 also contains a number of provisions aimed at improving the quality of audits of public companies including more audit committee involvement with the auditor, a requirement for auditors to attest to management's assessment of internal controls over financial reporting, a requirement for audit partner rotation, prohibition of certain nonaudit services to audit clients, prohibition of providing audit services to a company that employs as a top official a previous member of the audit engagement team, and greater penalties for failure to report fraud. We believe these new provisions should enhance the auditor's ability to comply with the requirements of the auditing standard for detecting and reporting fraud.
