This is the accessible text file for GAO report number GAO-03-982R 
entitled 'Securities Exchange Act: Review of Reporting Under Section 
10A' which was released on October 06, 2003.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.


September 3, 2003:

The Honorable John D. Dingell:

Ranking Minority Member:

Committee on Energy and Commerce:

House of Representatives:

Subject: Securities Exchange Act: Review of Reporting Under Section 
10A:

Dear Mr. Dingell:

This report responds to your request that we update our February 4, 
2000, report[Footnote 1] on reporting under Section 10A of the 
Securities Exchange Act of 1934. As you know, Section 10A requires 
reporting to the Securities and Exchange Commission (SEC) when, during 
the course of a financial audit, an auditor detects likely illegal acts 
that have a material impact on the financial statements and appropriate 
remedial action is not being taken by management or the board of 
directors. In addition to reporting on the number of Section 10A 
reports submitted to the SEC and the status of SEC actions pertaining 
to Section 10A reports, we also agreed with your office to report on 
the current initiatives by the accounting profession pertaining to the 
auditor's responsibility for detecting fraudulent financial reporting. 
On October 1, 2002, we briefed your office on the number of Section 10A 
reports submitted to the SEC since our last report. This report 
responds to your February 25, 2003, request that we update that work, 
which we have updated to reflect Section 10A reports submitted to the 
SEC through May 15, 2003.

Results in Brief:

The Section 10A reporting requirements first became effective for 
fiscal years beginning on or after January 1, 1996. Since our February 
2000 report, the SEC has received an additional 23 10A letters, 
bringing the total received since the requirement was implemented 
through May 15, 2003, to 29. Of the 29 SEC registrants named in the 
reports, 10 are currently subjects of active SEC enforcement 
investigations, 8 have had actions brought against them by the SEC, and 
11 of the Section 10A reports were closed without formal action being 
taken by the SEC. According to SEC officials, all Section 10A reports 
are investigated. In some instances, the SEC took no formal action. 
However, the registrants, as a result of discussions with the SEC, took 
remedial action that the SEC found satisfactory. Through May 15, 2003, 
the SEC had filed seven actions against auditors for alleged violations 
of Section 10A for failing to report likely illegal acts materially 
impacting on a company's financial statements. Six of these cases have 
been settled with the majority of the auditors agreeing to suspensions 
from practicing before the SEC for periods ranging from 1 to 10 years. 
The remaining case was filed in January 2003 and is currently in 
litigation.

In 2002, the American Institute of Certified Public Accountants (AICPA) 
issued a new audit standard for detecting fraud, Statement on Auditing 
Standards (SAS) 99: Consideration of Fraud in a Financial Statement 
Audit. The AICPA believes SAS 99 will substantially change auditor 
performance, thereby improving the likelihood that auditors will detect 
material misstatements in financial statements due to fraud by placing 
an increased focus on exercising professional skepticism throughout the 
audit. The new standard calls for auditors in planning and performing 
the audit to identify and consider risks of material misstatement due 
to fraud through brainstorming among audit team members, inquiring of 
management, performing analytical procedures, considering 
inappropriate reporting of revenue and management override of internal 
controls, evaluating internal controls that address the identified 
risks of fraud, and assessing throughout the audit and at the 
completion of the audit the risk of fraud based on the results of 
auditing procedures. The new standard also requires auditors to 
communicate about fraud to management, the audit committee, and others, 
and to document the auditors' consideration of fraud. SAS 99 has been 
adopted on an interim basis by the Public Company Accounting Oversight 
Board (PCAOB) for audits of public companies registered with the PCAOB. 
However, upon completion of its review of SAS 99, the PCAOB may modify, 
repeal, replace or adopt permanently the standard for audits of 
registered public companies. The Sarbanes-Oxley Act of 2002 also 
contains a number of provisions aimed at improving the quality of 
audits of public companies including more audit committee involvement 
with the auditor, a requirement for auditors to attest to management's 
assessment of internal controls over financial reporting, a requirement 
for audit partner rotation, prohibition of certain nonaudit services to 
audit clients, prohibition of providing audit services to a company 
that employs as a top official a previous member of the audit 
engagement team, and greater penalties for failure to report fraud. We 
believe these new provisions should enhance the auditor's ability to 
comply with the requirements of the auditing standard for detecting and 
reporting fraud.

We requested comments on a draft of this document from the SEC and the 
AICPA. The SEC and the AICPA provided us with some technical 
suggestions which we incorporated as appropriate.

Background:

The Private Securities Litigation Reform Act of 1995 (Public Law 104-
67) added Section 10A to the Securities Exchange Act of 1934 (15 U. S. 
C. 78j-1). The requirements of Section 10A first became effective for 
fiscal years beginning on or after January 1, 1996.[Footnote 2]

Section 10A requires a company's board of directors or its auditor to 
notify the SEC about possible illegal acts under certain conditions. 
Specifically, if the auditor detects or otherwise becomes aware that an 
illegal act has or may have occurred, the auditor is to inform the 
appropriate level of management as soon as possible and ensure that the 
board of directors or the audit committee is adequately informed. 
Section 10A also requires that auditors report conclusions directly to 
the board of directors or audit committee if they conclude the 
following: (1) the likely illegal act has a material effect on the 
financial statements, (2) senior management has not taken proper and 
timely remedial action, and (3) failure to take remedial action is 
reasonably expected to result in a departure from a standard audit 
report or the auditor's resignation.[Footnote 3] A board of directors 
or audit committee that receives such a report shall inform the SEC 
within 1 business day of receiving the report and send the auditor a 
copy of the notice provided to the SEC. If the auditor does not receive 
a copy of the notice within the required 1 business day, the auditor is 
to furnish a copy of the report to the SEC not later than 1 business 
day following the failure to receive a copy of the notice.

Rule 240. 10A-1 states that reports under Section 10A shall be 
submitted to the SEC's Office of the Chief Accountant.[Footnote 4] The 
report must be in writing and identify the registrant and the auditor 
and the date that the registrant received the Section 10A report from 
the auditor. In addition, the report must include either a copy of the 
auditor's report or a summary of the report including a description of 
the act that the auditor has identified as a likely illegal act and the 
possible effect of that act on the financial statements. The rule is 
based on the premise that the reports under Section 10A are to assist 
the SEC in performing its enforcement responsibilities and therefore, 
the reports are nonpublic.

After receiving and logging the Section 10A reports, the Office of the 
Chief Accountant forwards the reports to the Division of Enforcement, 
which conducts investigations into possible violations of federal 
securities laws and prosecutes the SEC's cases. The reports are also 
forwarded to other divisions within the SEC, including the Division of 
Corporation Finance, which reviews the financial statements and other 
financial reports filed by SEC registrant companies. The Office of the 
Chief Accountant and the Division of Enforcement monitor the progress 
on any investigation initiated or facilitated by a Section 10A report. 
In addition, the Division of Enforcement is developing a computer 
tracking system for referrals 
of Section 10A reports, as well as complaints concerning possible 
financial reporting violations.

The SEC has current, ongoing monitoring efforts to identify potential 
Section 10A reporting situations where a report has not been submitted. 
The Office of the Chief Accountant monitors letters received from the 
AICPA's SEC Practice Section (SECPS)[Footnote 5] member auditors when 
the client-auditor relationship is terminated[Footnote 6] and other 
correspondence, as described later in this section, to identify 
potential Section 10A reporting situations. In addition, officials from 
the Division of Corporation Finance explained that they look for 
potential enforcement cases, including potential Section 10A reporting 
cases, when reviewing information reported to the SEC on Form 8-K, Item 
4, "Changes In Registrant's Certifying Accountants.":

An SEC registrant must submit a Form 8-K within 5 business days of the 
date that its auditor resigns, declines to stand for reelection, or is 
dismissed. Item 304 of Regulation S-K, which is incorporated into the 
Form 8-K, Item 4, requires registrants to state, among other things, 
whether there were any disagreements between the auditor and the 
registrant on any matter of accounting principles or practices, 
auditing scope or procedures, or financial statement disclosures in 
connection with the audits of the financial statements for the 2 most 
recent fiscal years, and any subsequent interim period. Item 4 also 
requires disclosure of any instance within the applicable time period 
where the former auditor advised the registrant that (1) the internal 
controls necessary for developing reliable financial statements did not 
exist, (2) information had come to the auditor's attention that led him 
to no longer rely on management's representations, (3) there was a need 
to expand significantly the scope of the audit and the scope had not 
been expanded, and (4) information had come to the auditor's attention 
affecting the reliability of past audit reports or financial 
statements, or the financial statements issued or to be issued covering 
the periods subsequent to the date of the last audit report, and the 
issue had not been resolved to the auditor's satisfaction.

According to the SEC, it received approximately 2,800 Forms 8K with 
Item 4 disclosures during fiscal year 2002.[Footnote 7] The Division of 
Corporation Finance reviews all Item 4 Forms 8-K and requests 
additional information from the registrant as needed to clarify matters 
reported. When the Division of Corporation Finance identifies 
significant potential violations of SEC laws and regulations, the 
matters are considered for forwarding to the Division of Enforcement 
for further investigation.

The Division of Enforcement advised us that it processed approximately 
600 enforcement cases during its last fiscal year, of which 
approximately 23 percent involved accounting and/or auditing issues. In 
addition to referrals from the Division of Corporation Finance, the 
Division of Enforcement becomes aware of potential enforcement cases 
through various means, including news articles, letters, and referrals 
from other agencies such as the 
Department of Justice or the stock exchanges. When investigating cases, 
the Division of Enforcement considers violations of any federal 
securities laws and regulations, including Section 10A reporting 
requirements.

Objectives, Scope, and Methodology:

Our objectives were to determine (1) the number of Section 10A 
submissions through May 15, 2003 and the status of the SEC actions on 
those reports, and (2) the current initiatives being taken by the 
accounting profession pertaining to the auditor's responsibility for 
detecting fraudulent financial reporting. To meet the above objectives, 
we interviewed officials from the SEC's Office of the Chief Accountant, 
Division of Enforcement, and Division of Corporation Finance. We 
requested information from the SEC regarding the number of Section 10A 
reports submitted through May 15, 2003, and the status of any related 
enforcement issues associated with all Section 10A cases. In addition, 
we made inquiries of the AICPA about the accounting profession's 
actions to address recommendations concerning fraud related to the 
studies identified in our February 4, 2000, report.

We requested oral comments on a draft of this report from the AICPA's 
Director of Professional Standards and Services - Washington D.C. and 
from the principal representatives we met with at the SEC. The Chief 
Counsel in the SEC's Office of the Chief Accountant provided us with 
oral comments that also incorporated the views of the Division of 
Enforcement and Division of Corporation Finance. Their comments are 
discussed at the end of this report. We conducted our work from 
February 2003 through May 2003 in accordance with generally accepted 
government auditing standards.

Section 10A Reports Received by the SEC:

Section 10A reporting requirements first became effective for fiscal 
years beginning on or after January 1, 1996.[Footnote 8] In our 
February 2000 report, we stated that six Section 10A reports had been 
submitted through December 14, 1999. Records from the SEC's Office of 
the Chief Accountant show that during the period December 15, 1999, 
through May 15, 2003, an additional 23 Section 10A reports were 
submitted. Therefore, since the inception of the 10A reporting 
requirement through May 15, 2003, a total of 29 Section 10A reports 
have been submitted to the SEC. The reports cover a variety of 
potential illegal acts, including improper revenue recognition, unusual 
capital transactions relating to stock warrants, inadequate financial 
statement disclosures, and failure to disclose expenses relating to 
stock options. Although the AICPA has not specifically studied Section 
10A reporting, representatives from the AICPA continue to attribute the 
low level of 10A reporting to the reasons they cited as stated in our 
previous report, the most likely being that in most cases, management 
or the board of directors, often with the participation of internal or 
external counsel, take timely and appropriate action to address a 
situation involving an illegal act when it is brought to their 
attention.

According to SEC officials, all Section 10A reports are investigated. 
Of the 29 SEC registrants named in the reports, 10 are currently 
subjects of active SEC enforcement investigations, 8 have had actions 
brought against them by the SEC, and 11 were closed without formal 
action being taken by the SEC. Injunctive actions and administrative 
proceedings were filed in 8 cases alleging violations such as (1) 
failure to disclose transactions in public statements to shareholders 
and the SEC, (2) inclusion of fraudulently-valued assets on financial 
statements filed with the SEC, (3) underreporting the value of 
inventory resulting in an understatement of expenses and liabilities 
and an overstatement of income, and (4) improper revenue recognition 
and understatement of expenses. A violation reported under Section 10A 
may be closed without formal action being taken by the SEC for such 
reasons as the registrant is no longer publicly traded, has a very 
small dollar amount of assets, or is no longer doing business. In 
certain instances, after discussions with the SEC, the registrants took 
remedial action, which the SEC found satisfactory, such as obtaining a 
review of the registrant's quarterly financial statements filed with 
the SEC.

On October 31, 2000, the SEC filed its first actions against auditors 
for violating Section 10A reporting requirements, which call for 
auditors to report to the SEC when, during the course of a financial 
audit, they detect likely illegal acts that have a material impact on 
the financial statements and appropriate remedial action is not being 
taken by management or the board of directors. As previously stated, 
through May 15, 2003, the SEC had filed seven actions against auditors 
for alleged violations of Section 10A for failing to report likely 
illegal acts materially impacting on a company's financial statements. 
These actions were both civil actions in federal court seeking, among 
other remedies, injunctive relief, and SEC administrative proceedings 
against auditors seeking cease and desist orders and auditor 
suspensions from practicing before the SEC. In addition to the 
auditor's failure to submit a 10A notification, in some cases 
injunctive actions and administrative proceedings were filed against 
auditors for other alleged violations such as engaging in fraud by 
falsely representing to the public that the financial reporting was in 
accordance with generally accepted accounting principles or failure to 
comply with generally accepted auditing standards. Six of these cases 
have been settled with five of the auditors agreeing to suspensions 
from practicing before the SEC for periods ranging from 1 to 10 years. 
In the sixth case, monetary penalties were assessed against the 
auditors. The remaining case, which was filed in January 2003, is still 
in litigation.

Current Initiatives by the Accounting Profession Related to Detection 
of Fraudulent Financial Reporting:

In October 2002, the AICPA issued a new auditing standard for detecting 
fraud, Statement on Auditing Standards (SAS) 99: Consideration of Fraud 
in a Financial Statement Audit,[Footnote 9] which became effective for 
audits of financial statements for periods beginning on or after 
December 15, 2002. While the new fraud auditing standard does not 
change the auditor's responsibility to detect fraud, it does provide 
more guidance to the auditor on how to respond to risks of material 
frauds and more specific fraud detection procedures. The changes to the 
auditor's consideration of fraud were largely in response to AICPA-
sponsored academic research projects which studied the effectiveness of 
SAS 82 and recommendations 
concerning fraud from the Panel on Audit Effectiveness.[Footnote 10]

The AICPA believes that the new standard will substantially change 
auditor performance, thereby improving the likelihood that auditors 
will detect material misstatements in financial statements due to fraud 
by placing an increased focus on exercising professional skepticism 
throughout the audit. The new standard also stresses that auditors must 
ask the right questions and question the answers, and obtain audit 
evidence that supports the answers. Moreover, auditors who identify 
fraud risks must know how to change audit procedures to handle the 
situation. Key provisions of the new standard include the following.

As part of planning the audit, brainstorming among audit engagement 
personnel, including the person responsible for the audit, regarding 
the risks of material misstatement due to fraud. Audit team members are 
required to consider how and where the entity's financial statements 
might be susceptible to material misstatement due to fraud and 
reinforce the importance of adopting an appropriate mindset of 
professional skepticism.

Obtain the information needed to identify risks of material 
misstatement due to fraud through such activities as (1) inquiring of 
management and others within the entity about the risks of fraud, (2) 
considering the results of the analytical procedures performed in 
planning the audit, (3) considering fraud risk factors, and (4) 
considering certain other information.

Require specific consideration of the risks of fraud due to 
inappropriate reporting of revenue and management override of internal 
controls.

Use information gathered to identify risks that may result in a 
material misstatement due to fraud.

Assess the identified risks after taking into account an evaluation of 
the entity's programs and controls that address the identified risks of 
material misstatement due to fraud.

Respond to the results of the assessment of the risks of material 
misstatement due to fraud by applying professional skepticism when 
gathering and evaluating audit evidence. The auditor's response to the 
risks identified relates to the performance of the audit by considering 
(1) the overall effect on how the audit is conducted, that is, a 
response involving more general considerations apart from the specific 
procedures otherwise planned, (2) identified risks that involve the 
nature, timing, and extent of the auditing procedures to be performed 
and (3) the performance of certain procedures to further address the 
risk of material misstatement due to fraud involving management 
override of controls, such as examining journal entries and other 
adjustments for evidence of possible material misstatement due to 
fraud, reviewing accounting estimates for biases that could result in 
material misstatement due to fraud, and evaluating the business 
rationale for significant unusual transactions.

Assess the risks of material misstatement due to fraud throughout the 
audit, evaluating at the completion of the audit whether the 
accumulated results of auditing procedures (audit evidence) and other 
observations affect the assessment and the need to perform additional 
or different audit procedures, and considering whether identified 
misstatements may be indicative of fraud and, if so, evaluating their 
implications.

Communicate about fraud to management, the audit committee, and others.

Document the auditor's consideration of fraud.

The new Public Company Accounting Oversight Board (PCAOB)[Footnote 11] 
has adopted on an interim basis, auditing standards issued by the 
AICPA's Auditing Standards Board (ASB), as they existed on April 16, 
2003, for use by public accounting firms registered with the PCAOB in 
the preparation and issuance of audit reports of public companies. Upon 
completion of its review of the standards, including SAS 99, the PCAOB 
may modify, 
repeal, replace or adopt permanently the existing standards for audits 
of registered public companies. Therefore, the PCAOB may determine that 
additional requirements and guidance are needed for auditors to be more 
effective in detecting and reporting fraud.

The Sarbanes-Oxley Act of 2002 (the Act) also contains a number of 
provisions aimed at improving the quality of audits of public 
companies. We believe these provisions should enhance the effectiveness 
of the audit function, including the auditor's ability to comply with 
the requirements of the auditing standard for detecting and reporting 
fraud. For example, the Act 
requires auditors to report to and be overseen by a public company's 
audit committee,[Footnote 12] not management; 

requires auditors to report to the audit committee information such as 
critical accounting policies and practices to be used, alternative 
treatments of financial information within generally accepted 
accounting principles that have been discussed with management, 
ramifications on the use of alternative treatment and the auditors' 
preferred treatment, and other material written communications between 
the auditor and management;

requires auditors to attest to, and report on, the required assessment 
made by management on the company's internal controls over financial 
reporting;

requires the lead audit partner and the audit review partner to rotate 
every 5 years;

prohibits an accounting firm from providing audit services to a public 
company if one of that company's top officials was employed by the firm 
and worked on the company's audit during the previous year;

prohibits the auditor of the public company's financial statements from 
also providing certain nonaudit services;

requires the public company's audit committee to pre-approve all audit, 
attest, and review services and nonaudit services that are not 
prohibited by the Act;

creates greater penalties for those who destroy records, commit 
securities fraud and fail to report fraud; and:

extends the statute of limitations for the discovery of fraud to the 
earlier of 2 years from the date of discovery of the facts constituting 
the violation or 5 years after the violation.

Agency Comments:

We received oral comments on a draft of this report from the AICPA's 
Director of Professional Standards and Services - Washington D.C. and 
from the Chief Counsel in the SEC's Office of the Chief Accountant who 
provided us with oral comments that also incorporated the views of the 
Division of Enforcement and Division of Corporation Finance. The SEC 
and the AICPA provided us with some technical suggestions which we 
incorporated in the report as appropriate.

We plan no further distribution of this report until 30 days after the 
date of this report. At that time, we will send copies of this report 
to the Honorable William H. Donaldson, Chairman of the SEC, and Mr. 
William F. Ezzell, Chairman of the AICPA. The report will also be 
available at no charge on GAO's home page at http://www.gao.gov. If you 
have any questions, please call me at (202) 512-9406 or Julia Duquette 
at (202) 512-5131.

Sincerely yours,

Jeanette M. Franzel 
Director Financial Management and Assurance:

Signed by Jeanette M. Franzel: 

(194220):

FOOTNOTES

[1] U.S. General Accounting Office, Securities Exchange Act: Review of 
Reporting Under Section 10A, GAO/AIMD-00-54R (Washington, D.C.: Feb. 4, 
2000).

[2] For registrants not required to file quarterly financial data with 
the SEC, the requirements apply to annual reports for any fiscal year 
beginning on or after January 1, 1997.



[3] If the auditor resigns, the requirements of Section 10A are still 
applicable.



[4] The Chief Accountant is the principal advisor within the SEC on 
accounting and auditing matters arising from the administration of 
federal securities laws.



[5] The SECPS is a self-regulatory group whose objective is to improve 
the practice of certified public accounting firms. The AICPA bylaws 
require that all members that engage in the practice of public 
accounting with a firm auditing one or more SEC clients are required to 
join the SECPS.

[6] When a SECPS member firm has been the auditor for an SEC registrant 
and has resigned, has declined to stand for reelection, or has been 
dismissed, SECPS requirements state that the firm shall report in 
writing the fact that the client auditor relationship has ceased 
directly to the client with a simultaneous copy to the Office of the 
Chief Accountant of the SEC within 5 business days. 

[7] According to SEC officials, approximately half of the item 4 
disclosures were submitted because a change of auditor was necessary 
when Arthur Andersen, LLP ceased practicing before the SEC in August 
2002.

[8] See footnote 2.

[9] This new SAS supersedes the AICPA's earlier fraud standard issued 
in 1997, SAS 82, which carried the same title.



[10] In 1998, the Public Oversight Board (POB) appointed a Panel on 
Audit Effectiveness to examine the current audit model, including the 
way independent audits are performed regarding the auditor's 
consideration of fraud. The Panel's report, Report and Recommendations, 
issued August 31, 2000, contains recommendations addressed to the 
AICPA's Auditing Standards Board concerning fraud. The POB was an 
independent private sector body that provided oversight of the self-
regulatory programs of the AICPA's SECPS. The POB was terminated on May 
1, 2002. See U.S. General Accounting Office, The Accounting Profession: 
Status of Panel on Audit Effectiveness Recommendations to Enhance the 
Self-Regulatory System, GAO-02-411 (Washington, D.C.: May 17, 2002).


[11] The PCAOB was established pursuant to the Sarbanes-Oxley Act of 
2002 (Act) to oversee the audits of public companies that are subject 
to the U.S. Federal securities laws. As provided for by the Act, the 
PCAOB will set professional standards (including auditing, attestation, 
quality control, ethics, and independence standards) to be used by 
public accounting firms registered with the PCAOB in the preparation 
and issuance of audit reports of public companies. 

[12] An audit committee means a committee or equivalent body established by 
and amongst the public company's board of directors. If no such 
committee exists, then the entire board of directors shall be the audit 
committee.