The passing of the Sarbanes-Oxley Act into law on 30 July 2002 has created a tidal wave of reform heading towards Europe, which currently is probably mid-Atlantic.

While many of the provisions of the Act were effective immediately, there remained many substantial and important provisions which required further regulations to be issued. Of the two substantial provisions affecting professional services firms such as my own, additional guidance has only thus far been issued on Auditor Independence. I await, nervously, the guidance on internal control reporting and the requirement of auditors to attest to those reports.

I have tried to illustrate below some of the ways in which the Act will have a practical impact on UK companies who in some way are affiliated to the US.

Who is affected by the Act?
The Act applies to US public companies, which includes foreign companies listed in the US – usually dual-listings – together with foreign subsidiaries of US public companies, and foreign companies who are required to register with the SEC due to their US shareholder base; known as Foreign Private Issuers.

Based on information available at 31 December 2001 there were 143 UK companies listed in some capacity in the US and therefore directly affected. I have no accurate information as to the number of subsidiaries.

In my view, however, the principals of the Act will also be applied to private companies in the US and therefore also their foreign subsidiaries.

What are the implications?
The most significant implications of the Act are as follows:
• CEO and CFO certifications that the financial statements are not materially misleading and they present fairly the accounts. Whilst this was always implicit, the explicit confirmation appears to be generating requests from US-based CEO’s and CFO’s to their overseas counterparts asking them to give similar “internal” certifications
• Requirement to report publicly on internal controls – which in turn must be reported on by your external auditors. As noted above, this is one of the areas where detailed rules and guidance has yet to be issued
• Significant corporate governance reforms regarding the Audit Committee, most notably the responsibility to pre-approve permitted non-audit services
• Prohibition on non-audit services being provided by your external auditors, with the general exception of tax. The definition of “non-audit services” is wide, but generally clear

Practical issues with compliance
As with the CEO and CFO certifications noted above, I expect to see additional demands being made of overseas management (and their auditors) to report to their US parent on their local system of internal controls. As this will be a public report, and likely to require extensive disclosure limited presumably by some “safe harbour” language, neither the CEO, CFO or Audit Committee will want the accusation of over-looking a particular subsidiary for fear of not identifying future potential problems. Accordingly, Audit Committees together with Head Office management are likely to adopt a blanket approach across all subsidiaries, at least in the first year of adoption. In addition, where there is asymmetry between parent company auditors and those of the subsidiary, doubtless the parent company auditors will seek to limit their overall risk by also asking for such reports.

As this is certainly an area outside the comfort zone of both companies and their auditors, one can expect to see much activity in the drafting of appropriate, limiting language by auditors and foreign management. It is doubtful as to what value this will generate for the affected corporation.

Secondly, there is the issue of permitted and prohibited non-audit services provided by your external auditors. Dealing with the latter first, this is very clear. Your current auditors cannot perform those items defined as “prohibited”. This includes inter alia: book-keeping services, valuations and fairness opinions, internal audit, management functions, the recruitment of staff and expert services.

Prior to the rules being issued there was much debate as to whether tax services would be prohibited. Commentators noted the proposed prohibition of “expert services” and made the leap to mean this covered tax advice and planning. The issued rules, in fact, permit the provision of tax services but emphasise the need for the Audit Committee to be the ultimate arbiter on the matter. Indeed this is the general point about permitted non-audit services – they must be preapproved by the Audit Committee in order to ensure that your external auditors remain independent.

Within a global group, easy and effective access to the Audit Committee by local management and their advisors may be problematic. The Auditor Independence rules recognise this problem in part and allow the approval of permitted non-audit services after they have been performed provided approval is given before the financial statements are issued. But this still requires an approval process to be performed.

Management will most certainly need to hire other auditors to perform those services now prohibited. Overseas (and US) management may also prefer to hire other auditors to perform the permitted non-audit, such as tax, as this would remove the need to communicate with the Audit Committee and justify one’s proposal. On the basis Audit Committee’s are likely to be sceptical at best, this is likely to be the route of least resistance.

For US companies looking to expand overseas, finding one firm to perform the audit and another to help with book-keeping, payroll etc and possibly tax services will be necessary. Remember that in the UK all private companies above a certain size (which is not very high) require an audit. In my view, this applies to private as well as public companies.

Unstoppable?
The issues of auditor independence, as with many of the other provisions of the Act, are hot topics in a UK and European context. There has been much comment in the UK about how such rules are over-bearing, unnecessary, illegal in certain jurisdictions etc. In my view, the guidance on auditor independence in particular will either be adopted formally by the EU, or forced upon companies by their Audit Committees and/or shareholders.

The argument as to whether the Act can extend its reach beyond the US borders will doubtless continue. In practical terms however, it already has.

David Anderson is Partner and UK Head of US-related
Services at BDO Stoy Hayward Tel: +44 (0) 20 7893 2320.
E-mail: david.anderson@bdo.co.uk