More on auditors' reporting duties to the SEC


We are writing in response to the JofA’s February 2012 article, “What’s your fraud IQ?” (page 36). The article discusses the Foreign Corrupt Practices Act (FCPA) and includes a 10-question quiz on the FCPA. The JofA’s coverage of this topic is to be commended as it is important for CPAs to understand the scope and application of the FCPA to protect investors. However, there is an incomplete answer provided for Question 7 of the quiz that needs clarification. Specifically, the answer does not address an auditor’s duties to make disclosure to the SEC under Section 10A of the Securities Exchange Act of 1934. Section 10A(b) requires an audit firm that detects or otherwise becomes aware that an illegal act has, or may have, occurred to determine whether the company has taken appropriate remedial measures and, if not, to report to the SEC in certain situations. The SEC has instituted enforcement Proceedings against auditors for failing to comply with Section 10A. Because there is no reference to Section 10A in Answer 7, CPAs may be left with a false impression that they would never have a duty to report a client’s illegal act to the SEC.

For context, Question 7 is as follows: ABC Auditors is hired to perform an external audit of the financial statements of XYZ Co., a publicly traded U.S. company. Based on information obtained during the audit and through consultation with legal counsel, ABC concludes that XYZ has violated the FCPA. In response to the detected illegal act, ABC should do all of the following EXCEPT:

a. Consider the illegal act’s effect on the amounts presented in XYZ’s financial statements
b. Evaluate the adequacy of disclosure in the financial statements of the illegal act’s potential effects on XYZ’s operations
c. Consider the implications of the illegal act in relation to other aspects of the audit
d. Disclose the illegal act to the SEC

The article indicates that the answer is “d” and advises that “[i]t ordinarily is not the auditor’s responsibility to disclose an illegal act to parties other than the client’s senior management and its audit committee or board of directors, and such disclosure would be precluded by the auditor’s ethical and legal obligations.” (Emphasis added.)

This answer is misleading, and the justification incomplete, because it does not address whether the company had taken timely and appropriate remedial measures and does not reference an auditor’s Section 10A obligations. Although the answer may have presumed that such measures had been taken, in omitting any reference to Section 10A, the authors missed an opportunity to educate readers about their duties under the federal securities law.

For information about how to make a 10A submission to the SEC, go to The views expressed in this letter are our own and not necessarily the views of the commission, the individual commissioners, or our colleagues on the commission staff.

Howard A. Scheck
chief accountant, SEC Division of Enforcement

Kara Novaco Brockmeyer
chief, Foreign Corrupt Practices Act Unit, SEC Division of Enforcement


Cybersecurity threats proliferating for midsize and smaller businesses

This report details how SMBs can properly protect private information from breaches, design and implement a cybersecurity policy, and create safeguards for training and education.


Test yourself on these often confused words

The spelling checker on your word processing program can do only so much to flag problems. Your best insurance is to learn the troublesome words that trip up writers and use them correctly by the standards of formal, written English.