Should we use a CPA or a non-CPA to conduct the IPSA audit?
SEC expressly allowed non-CPAs in the final rule. This was in response to many commenters who highlighted the different expertise and perspectives that non-CPAs could provide. SEC also acknowledged that opening the IPSA Audit opportunity could provide a more competitive arena. www.DFCMaudit.com believes that non-CPAs can have different ways of evaluating non-financial compliance, operations, management systems, non-financial drivers, risk management, and readiness for new requirements.
What other types of auditors are there?
There are many groups that certify auditors. The Certified Risk Management Auditor designation is granted by the Institute of Internal Auditors. The Certified Professional Environmental Auditor designation is granted by the Board of Environmental, Health & Safety Auditor Certifications. The Certified Energy Auditor program is managed by the Association of Energy Engineers. There are more.
What criteria should we use to select IPSA auditors?
As with selecting any professional service provider, a filer should review qualifications, capabilities, capacity, and ability to provide the work. Certifications demonstrate a certain level of proficiency. Review the certifications, including their standards, independence criteria, code of conduct, requirements for continuing education, oversight, and other factors that reflect the importance of the selection of the IPSA Auditor. The professional service is personal. Interview the prospective IPSA auditor and check references. Select a IPSA Auditor with similar views on DFCM, organizational goals, level of professionalism – and a personality compatible with the people s/he will be working with.
Can our financial auditors do the IPSA audit?
Yes, the DFCM final rule allows the financial auditors to conduct the independent IPSA Audit. The fees for the independent IPSA Audit are not considered fees for the financial audit, and must be included in disclosure of non-[financial] audit fees the company pays to the financial auditor.
Is the trend for filers to use their financial auditors to conduct the IPSA Audit?
It’s hard to say what the “trend” is yet, since 2013 isn’t over. Many filers we have talked to have indicated their intention of using another provider. They have indicated several reasons, including their expectation of lower fees, belief that other IPSA Auditors are better suited to the task, and wanting to avoid the internal company protocols to obtain approval to use the financial auditor for efforts that require disclosure of fees.
Will the SEC change their mind and require a CPA to do the IPSA audit later?
We can’t see the future either (otherwise, we’d buy lottery tickets). If this happens, then filers must use CPAs. However, this would be inconsistent with SEC’s actions on DFCM thus far. The preamble in the final rule discussed at least ten issues commenters raised regarding the independent audit. SEC’s decisions in the final rule had the overwhelming effect of reducing the burden on the regulated community – from identifying tightly focused auditing objectives to allowing non-CPAs to conduct the audits. The issues where SEC declined to provide relief to the regulated community were largely those issues where it felt it did not have the statutory authority to do so. Against this backdrop, www.DFCMaudit.com believes it is unlikely the SEC would impose this requirement.