SOX 404 Attestation Reports For Foreign Subsidiaries Effect Of The Principles-Based Approach Of AS5

Tuesday, January 1, 2008 - 00:00

Editor's Note: U.S. companies have subsidiaries throughout the world. This interview describes how that is handled by auditors like Eisner LLP that do not have offices outside the U.S. In this interview Mr. Robbins describes how Baker Tilly works with Eisner on the UK aspects of 404 attestation reports.

Editor: Please tell our readers about Baker Tilly International and your responsibilities at Baker Tilly in the United Kingdom.

Robbins: Baker Tilly is the UK member firm of Baker Tilly International, one of the world's top ten accountancy and business services networks. Baker Tilly is a leading mid-tier firm of accountants and business advisors in the UK. Our gross revenue in the UK is a little over US$400 million. Eisner LLP, a U.S. accounting and business advisory service firm, is also an independent member of Baker Tilly International.

I am the head of risk and corporate governance services at Baker Tilly. Baker Tilly can either advise management on how to comply with Sarbanes-Oxley (SOX) or assist in performing audits.

Editor: How extensive is the Baker Tilly International network?

Robbins: Baker Tilly International is currently represented by 138 independent member firms in 104 countries. We have presence in just about every country, and in respect of Europe, we are represented in all the major economies, including France, Germany, Italy, Spain, Holland, Belgium, Switzerland, Sweden, and most of the Baltic States.

Editor: I understand that in connection with the 404 attestation reports by Eisner of companies based in the U.S. and subject to Sarbanes-Oxley, Baker Tilly provides the information with respect to the UK subsidiaries and divisions of such companies.

Robbins: Yes. If Eisner is auditing the financial statements worldwide on an assignment, my team assists with the audit work in the UK and in some European countries. Eisner is then responsible for the final reconciliation.

Editor: How are violations of UK and other foreign laws treated by you in evaluating the effectiveness of internal controls for 404 purposes?

Robbins: They are reported to management and to our U.S. firm as being failures from a UK perspective. The failure being the relationship to the financial statements. That doesn't mean they fail ultimately from a U.S. perspective.

Editor: What other issues arise? How are differences between IFRS and U.S. GAAP resolved?

Robbins: IFRS has been implemented over the last two years and there have been some problems. However, at this stage, our goal is to reconcile the information we provide to Eisner for their accounts with U.S. GAAP. Presently, a number of UK subsidiaries of U.S. businesses are moving closer to the IFRS standard because they see a convergence with U.S. GAAP down the road.

Editor: Concern has been expressed that fewer foreign companies are listing IPOs in the U.S. because of the cost and regulatory burdens imposed by SOX.

Robbins: During the first three years of SOX, we heard many complaints from management. One cause of the complaints was that the attestation report procedures required at that time were new to management and therefore time and labor intensive. The other was that requirements of Sarbanes-Oxley were rules-based rather than principles-based. Now because AS5 (Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That is Integrated With An Audit of Financial Statements) has, like the UK, adopted a principles-based approach, I believe that the time and cost to U.S. businesses will be reduced.

Editor: Under Section 10A of the Securities Exchange Act, auditors have the responsibility to advise the audit committee about potential illegalities when they uncover information indicating that an illegal act may have been committed. Do you consider that you have such responsibility when reviewing UK affiliates of U.S.-based companies in support of a 404 attestation report?

Robbins: Eisner provides our audit programs and audit guidance. If we uncovered something that needed further investigation, we would refer that directly to Eisner, as the reporting accountants, and take their advice on what to do.

Editor: The PCAOB adopted AS5, revising the auditing standards on internal controls. AS5 is not only principles-based, but also includes other changes. How have these changes affected your participation in 404 attestation reports? Do you believe that these changes are sufficient to alleviate the burdens companies face when implementing Section 404?

Robbins: This is our first year working under AS5, making it a little early to judge. Managements have reduced their testing by 20 to 30 percent because AS5 is taking a risk-based approach that is more principles-based than rules driven. The risk-based approach makes management feel more comfortable in discussing issues. In the past, we started by presenting some rules that must be complied with. If a risk was identified as part of the audit, management had to say what they were doing and then had to perform additional tests. Now, if a risk is identified and it is determined that it is not really material and could not be properly characterized as a material weakness, additional work may not be necessary. So that makes a big difference on the amount of management testing, and therefore auditor testing at the year-end.

This approach makes it much easier to identify real weaknesses. With the old approach, there was so much minutia that you could not see the woods for the trees. The information that was developed revealed thousands of little insignificant weaknesses. And, because there were so many, it was very easy to miss the real vulnerabilities. This time, theoretically speaking, we are just looking at items that are critical to ensuring that the financial statements are correct.

Most of the issues that SOX was designed to resolve were the high level management misdeeds that resulted in the scandals in the U.S. This is very different from a UK subsidiary not having the correct controls in place. Initially, that created a real bone of contention.

Editor: How did this affect costs?

Robbins: Prior to 2002-2003, many companies did not have their business processes that well documented. With the implementation of SOX, management had to document those processes which impacted upon the financial statements, write test programs, and perform management testing. This proved to be very costly. Due to the ambiguity in the Act and PCAOB guidance, many believe that initially auditors and management alike over-tested, but now we have learned and are only testing key areas. With experience, we have been able to reduce costs.

Editor: Auditors request opinions from law firms with respect to contingent liabilities. This may constitute a waiver of the attorney-client privilege. How big a problem is this?

Robbins: We don't encounter this issue in the work we perform for Eisner. This is because contingent liabilities that are important enough to require such an opinion are usually dealt with at the corporate level. It may be an issue for the Big 4 in the UK, who may be dealing with larger subsidiaries, but it is not a major issue for us at the present time.

Editor: Is there anything else you would like to mention in regard to your firm? The selection of your firm by Eisner would attest to your firm's capabilities.

Robbins: From a firm-wide point of view we continue to evolve. We are one of the youngest of the top seven accounting firms in the UK, but we are also one of the fastest growing ones. We are intent on continuing to offer our clients with international operations a global service.

Editor: You mentioned your European Network. Have you reached out to other countries?

Robbins: Outside of Europe and the U.S., China and India are both on peoples' minds. One of the issues that must be considered is regulation, or lack thereof. We are trying to enforce tier-one, world class regulation onto tier-three businesses. How can that be achieved effectively? It cannot be expected that a three-year-old business in China has the same governance and regulatory practices as a business that has been in existence for twenty, thirty or one hundred years in our market. Governance standards in the U.S. and UK have evolved significantly over the last fifteen years and have gone through a number of iterations. Now, suddenly, we are saying to businesses all over the world that they must operate in a similar manner. This is a massive undertaking. Business is evolving, but business owners and leaders in many of the emerging and developing countries are not accustomed to our form of regulation.

Editor: How do you think that this will play out in the future?

Robbins: The businesses with significant resources operating in those countries have and will have to dedicate a lot of time and effort into getting those countries ready for this system. A greater problem is when a significant acquisition is made in those countries, but I believe there is a twelve-month waiver on the first year of acquisition. Therefore, the issue is the length of time it takes to get those businesses up to speed. That is a significant consideration when making an acquisition in those countries.

Editor: Is reviewing the books of a potential acquisition in these countries a growing aspect of your business?

Robbins: It has been a large aspect for a number of years. The interesting question at the moment in considering the current credit crunch is how much the credit problem will affect our work. Will growth continue, or will it decline in the next twelve to twenty-four months? Global markets will affect that more than anything else.

Please email the interviewee at with questions about this interview.