SEC Proposes Shareholder Access Alternatives, Approves AS-5 and Adopts Definition of Significant Deficiency; PCAOB Proposes Amendments to Auditor Independence Rules

July 25, 2007

At a meeting today, the Securities and Exchange Commission (“SEC”) took several significant actions, including:

  • approving releases relating to revisions to the proxy process;
  • approving a new Public Company Accounting Oversight Board (“PCAOB”) auditing standard, Auditing Standard No. 5 (“AS-5”), for the audits of internal control over financial reporting under Section 404 of Sarbanes-Oxley;
  • adopting rule amendments to define the term “significant deficiency”; and
  • voting to publish a Concept Release to solicit public comment on allowing U.S. issuers to use International Financial Reporting Standards (“IFRS”) in preparing financial statements.

Also, at a meeting held on July 24, 2007, the PCAOB proposed two auditor independence rules, including a proposal that would supersede the PCAOB’s interim standard regarding required communications with audit committees.

A summary of the proposed revisions to the SEC’s proxy rules, AS-5, the IFRS Concept Release, and other SEC and PCAOB rules and rule proposals is set forth below. The portions of this summary relating to the Concept Release and amendments to the SEC’s proxy rules are based on information provided at the SEC’s open meeting, and therefore may not reflect nuances that will appear in the Concept Release and proposing release, which are expected to be issued shortly.

Proposed Revisions to the Proxy Process

The SEC voted 3-2 to approve two rulemaking proposals addressing whether, under the SEC’s shareholder proposal rule (Rule 14a-8), companies must include so-called “proxy access” proposals in company proxy statements. The SEC also proposed rule amendments intended to facilitate electronic shareholder forums and is seeking comment on other aspects of the shareholder proposal rule. The releases result from what Chairman Cox described as a “careful and extensive review of the proxy process,” which included three roundtables hosted by the SEC in May 2007.

Proxy Access Shareholder Proposals

Proxy access proposals are shareholder proposals that seek to establish a process, often by proposing a bylaw amendment, under which director candidates nominated by shareholders would be named in the company’s proxy statement and included on the company’s proxy card. Since at least 1990, the SEC has permitted companies to exclude such proposals from their proxy statements under Rule 14a-8(i)(8) because the proposals would result in contested elections. However, in September 2006, the United States Court of Appeals for the Second Circuit in AFSCME v. AIG held that the SEC’s interpretation of Rule 14a-8(i)(8) reflected an unexplained change in interpretation.

The first release approved today by the SEC reaffirms the SEC’s historical interpretation of Rule 14a-8 pursuant to which all proxy access shareholder proposals are excludable. The release also proposes an amendment to Rule 14a-8(i)(8) codifying the SEC’s interpretation. Under the proposed amendment, the rules would clearly state that proxy access proposals are excludable.

In contrast, the second release approved by the SEC proposes amendments to permit the inclusion of certain proxy access shareholder proposals and to require additional disclosures by proponents and companies when such proposals are included. Specifically, a proxy access shareholder proposal would not be excludable under Rule 14a-8(i)(8) if:

  • the shareholder proposal is binding;
  • the shareholder proposal seeks to amend the company’s bylaws;
  • the shareholder(s) submitting the proposal held at least five percent of the company’s outstanding shares for at least one year; and
  • the shareholder(s) submitting the proposal are eligible to and have filed a Schedule 13G with respect to the company.

The proposed rules also would amend other SEC rules to require disclosure of additional information by proponents and companies, including information about the proponent(s) and any previous dealings with the company.

Any proxy access shareholder proposal would need to comply with state law and with a company’s charter and bylaws. Thus, the proposals would not address whether proxy access proposals are permissible under state law. However, unlike a proxy access rule proposed by the SEC in 2003 but never adopted, today’s proposals do not otherwise dictate the terms of proxy access shareholder proposals.

In addition, the second release seeks public comment on several aspects of the SEC’s shareholder proposal rules, including precatory shareholder proposals.

Facilitating Electronic Shareholder Forums

The SEC also proposed rules intended to facilitate the ability of companies and shareholders to communicate in electronic shareholder forums by removing possible impediments to such forums under the SEC’s proxy rules. These proposals, which will be contained in the second release discussed above, would provide that:

  • companies and others who set up electronic shareholder forums are not liable under the federal proxy rules for false and misleading statements posted by others on electronic shareholder forums; and
  • persons not soliciting proxies who post communications on electronic shareholder forums at least sixty days in advance of a shareholders’ meeting will not be considered to be engaged in a solicitation for purposes of the proxy rules.

The proposals are not intended to require or prescribe the format or content of electronic forums, but instead allow companies and others to develop their own approaches to such forums.

Next Steps

We understand that the SEC will provide for a sixty day comment period on the proposals. As noted above, the two releases present alternative approaches with respect to proxy access shareholder proposals — one release only reaffirms the SEC’s historical interpretation of Rule 14a-8(i)(8), while the other would permit certain proxy access shareholder proposals. By issuing two alternative approaches, the SEC intends to allow for broad public comment that will enable it to adopt final rules relating to proxy access before the 2008 proxy season. It therefore is important that companies and other interested parties review and comment on these proposals.

Chairman Cox supported both proposals, while SEC Commissioners Roel Campos and Annette Nazareth voted against the proposals to reaffirm the pre-AIG interpretation, and SEC Commissioners Paul Atkins and Kathleen Casey voted against the proposed rules to allow proxy access bylaw amendments.

New PCAOB Auditing Standard for Internal Control Over Financial Reporting

The SEC approved, as adopted by the PCAOB, the PCAOB’s new auditing standard for the audits of issuers’ internal control over financial reporting under Section 404 of Sarbanes-Oxley. AS-5 (An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements) replaces the PCAOB’s Auditing Standard No. 2 (“AS-2”). AS-5 is intended to facilitate a more effective and efficient approach to implementation of Secton 404 by focusing auditors on the matters most important to internal control, eliminating unnecessary procedures, scaling the audit for companies of varying sizes and complexities and simplifying auditing requirements. According to statements made at the SEC’s open meeting, the SEC plans to periodically monitor how the PCAOB is overseeing auditors’ implementation of AS-5 to assess whether these goals have been achieved.

Significant aspects of AS-5 include the following:

  • AS-5 focuses auditors on the areas that pose the greatest risk that internal controls will fail to protect against material misstatements. It does so by using a principles-based, top-down approach that emphasizes the importance of auditing higher risk areas that can have a pervasive affect on internal control over financial reporting, such as the financial reporting close process. At the same time, AS-5 encourages auditors to consider a range of possible combinations of procedures to obtain the evidence necessary according to the assessed level of risk.
  • AS-5 clarifies that an auditor is not required to evaluate management’s own evaluation process or express an opinion on the adequacy of management’s evaluation process.
  • AS-5 provides clarification regarding the appropriate materiality standard to apply in the context of internal control audits. Specifically, AS-5 provides that, “in planning the audit of internal control over financial reporting, the auditor should use the same materiality considerations he or she would use in planning the audit of the company’s annual financial statements.”
  • AS-5 includes an additional discussion of three broad categories of entity-level controls and how each category may have a different affect on the selection and testing of other controls. For example, entity level controls that monitor the operation of other controls may reduce the need to test the underlying, process-level controls.

AS-5 also includes new definitions of the terms “material weakness” and “significant deficiency.” AS-5 provides that a material weakness is “a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis.” Because the PCAOB had previously stated that the “more than remote” standard that existed under AS-2 meant the same thing as the “reasonable possibility” test, it remains to be seen if this “new” definition will result in a higher threshold for assessing whether a control deficiency is a material weakness. As with the new significant deficiency definition in AS-5, which is described in more detail below, the material weakness definition is now aligned with the SEC’s rule.

AS-5 also sets forth indicators of material weakness, which include:

  • identification of fraud, whether or not material, on the part of senior management;
  • restatement of previously issued financial statements to reflect the correction of a material misstatement;
  • identification by the auditor of a material misstatement of financial statements where the misstatement would not have been detected by the company’s internal controls; and
  • ineffective oversight by the audit committee of the company’s external financial reporting and internal control over financial reporting.

The Staff stated at today’s meeting that these indicators are not intended to be determinative of a finding that a control deficiency is a material weakness.

The PCAOB’s new internal control standard also is intended to be scalable, so that it can change to fit the size and complexity of various issuers. AS-5 includes notes throughout explaining how to apply the principles to smaller or less complex companies.

In conjunction with the new auditing standard, the SEC also approved PCAOB Rule 3525, which relates to pre-approval of internal control-related services provided by the auditor. This rule provides that auditors are required to provide specified documentation prior to requesting pre-approval from the audit committee to provide permissible internal control-related services.

Auditors will be required to use AS-5 for audits of internal control for fiscal years ending on or after November 15, 2007. However, both the SEC and PCAOB encourage early adoption of AS-5 by auditors immediately following today’s approval of AS-5.

Practical Considerations

In light of the SEC’s approval of the PCAOB’s new auditing standard, management should request to receive input from auditors as to how the auditors plan to implement AS-5, and should consider how this implementation plan aligns with management’s plan for evaluating the company’s internal controls. Management and auditors should also be prepared to advise the audit committee regarding the implementation approach for AS-5.

Definition of Significant Deficiency

The SEC adopted, as proposed, rule amendments to Exchange Act Rule 12b-2 and Rule 1-02 of Regulation S-X to define the term “significant deficiency.” The new rules define a significant deficiency as, “a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness yet important enough to merit attention by those responsible for oversight of the company’s financial reporting.” The Staff stated that including the definition of significant deficiency in SEC rules will enable management to look at the SEC’s rules and guidance for interpretation of the term, rather than looking at auditing literature as management must do currently.

International Financial Reporting Standards

The SEC voted to publish a Concept Release to solicit public comment on whether to give U.S. issuers a choice of preparing financial statements in accordance with IFRS, as published by the International Accounting Standards Board, as opposed to U.S. Generally Accepted Accounting Principles, for purposes of complying with the SEC’s rules and regulations. This widely anticipated concept release, which falls on the heels of the SEC’s recent proposal to allow foreign private issuers to use IFRS, is part of the SEC’s initiative to assess whether international convergence of financial reporting standards is desirable and workable. Comments on this Concept Release will be due ninety days after publication in the Federal Register.

PCAOB Auditor Independence Proposals

At an open meeting of the PCAOB on July 24, 2007, the PCAOB unanimously voted to propose an amendment to existing Rule 3523 and to propose a new Rule 3526, both dealing with auditor independence.

Proposed Amendment to Rule 3523 — Tax Services for Persons in Financial Reporting Oversight Roles

The proposed amendment to Rule 3523 will provide that an audit firm does not lose its independence with respect to a prospective audit client if it provided tax services to an employee in a financial reporting oversight role at that client during the “audit” period but before the “professional engagement period” has commenced. Under the current rule, tax services provided to such a person during either period would be deemed to impair the auditor’s independence with respect to the prospective audit client. The two periods are different: The audit period is the full period, for example a fiscal or calendar year, covered by an audit or review; the professional engagement period, under PCAOB rules, commences on the earlier of the execution of an audit engagement agreement or the beginning of audit procedures.

The staff explained that many commentators on Rule 3523 had found it excessively restrictive because it precluded companies desiring to change auditors from selecting a firm that had performed tax services for a disqualified employee (or family member) at any time during the period that would be covered by the audit, even if the services were rendered and completed before the auditor and client commenced an audit engagement. Under the proposed rule, tax services provided to disqualified employees before a professional audit engagement commences will no longer impair the auditor’s independence even if those services were provided in the period that will be subject to audit.

Proposed Rule 3526 — Communicating with Audit Committees Concerning Independence

The PCAOB has also proposed a new rule that would be a more fundamental change to the independence rules and would supersede the PCAOB’s interim independence standard, ISB No. 1, adopted by the Independence Standards Board in 1999. ISB No. 1 provides that at least annually an auditor must disclose to an audit client’s audit committee all relationships between the auditor and the company (including the related entities of each) that, in the auditor’s professional judgment, may reasonably be thought to bear on independence. In addition, the auditor must confirm that, in its professional judgment, it is independent of the audit client and must discuss the auditor’s independence with the audit committee.

The PCAOB expressed several concerns with the existing rule. First, it does not require the independence discussion to take place before the auditor accepts an audit engagement. In adopting ISB No. 1, the Independence Standards Board specifically considered the timing of the independence disclosure and determined not to require that it be delivered before commencement of an audit engagement. The ISB No. 1 communication can be made at any time during the year, including after the audit has commenced. The PCAOB’s proposal would require independence issues to be raised and discussed before the auditor’s initial engagement is commenced. According to the PCAOB, the auditor’s independence should be part of the audit committee’s decision-making process in initially choosing an auditor.

In addition, the new rule proposes to eliminate the language in ISB No. 1 permitting the auditor to limit the discussion of independence to those issues that could be thought to affect independence “in the professional judgment of the auditor.” By proposing to eliminate that qualification, the PCAOB suggests in its proposal that the auditor should evaluate its independence based on the reasonable perception of third parties, not the auditor’s professional judgment.

The proposal also would add a requirement of specificity to the independence discussion between the auditor and audit committee that is absent in ISB No. 1. Under the proposed rule, the auditor must not only describe any potential relationships that may affect the auditor’s independence, but must discuss with the audit committee the potential effects of such relationships so that the audit committee will have sufficient information to understand how the relationships might affect independence. The PCAOB notes in its release that it wants to foster “a robust discussion” on these issues between the auditor and audit committee.

The proposal also provides that a similar independence communication will have to be delivered to and discussed with the audit committee at least annually. However, the PCAOB and staff indicated that annual updates, which should be delivered in a timely manner allowing independence issues to be flagged and resolved as early as possible, do not need to repeat matters raised and resolved in earlier years.

Finally, Proposed Rule 3526 also requires the auditor to document the substance of its independence discussion with the audit committee.

The PCAOB’s comment period on these proposals extends through September 7, 2007.

Gibson, Dunn & Crutcher lawyers are available to assist in addressing questions you may have regarding these issues. Please contact the Gibson Dunn attorney with whom you work, or

John F. Olson (202-955-8522, [email protected]),
Brian J. Lane (202-887-3646, [email protected]),
Ronald O. Mueller (202-955-8671, [email protected]),
Amy L. Goodman (202-955-8653, [email protected]),
Lewis H. Ferguson (202-955-8249, [email protected]),

Michael Scanlon (202-887-3668, [email protected]), or
Elizabeth Ising (202-955-8287, [email protected]).

© 2007 Gibson, Dunn & Crutcher LLP

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.