Royalty Audits - Compliance With AICPA Standards

ABOUT ROYALTY AUDITING

Royalty auditing is a niche service that has exploded in popularity over the last 20 years. The primary purpose of a royalty audit is to test whether a licensee has complied with a license agreement or statutory requirement. The royalty auditor is hired by an intellectual property owner (aka, licensor) or minerals owner to inspect the books and records of a licensee primarily to determine if usage-based monetary amounts have been paid as contractually required. In addition to monetary damage calculations, most royalty audits examine for breach of contract in a wide variety of areas, such as intellectual property protection, record keeping, distribution channels, and permitted usage.

Over the last two decades, I have witnessed a large quantity of CPAs perform royalty audits with a lack of consideration to professional standards primarily because there is limited guidance and training other than internal private firm memorandum and the very broad AICPA professional standards. The lack of professional royalty audit training is leading to client and courtroom problems for the CPA royalty auditor who is unable to adequately support damage calculations, thereby leading to increased accusations of professional incompetency. The purpose of this article is to provide guidance to CPAs on the AICPA professional standards applicable to royalty audits and how to help avoid some of the most common standard violations. This article does not cover how to conduct a royalty audit.

A royalty audit is not a financial statement audit. On a monetary level, the royalty auditor is attempting to discover the unknown, eventually leading to the preparation of economic damage calculations for underreporting or other monetary contract violations. With a financial statement audit, the auditor often is concerned with the over-reporting of revenues, whereas the royalty auditor is concerned about the under-reporting of revenues. Royalties are paid for a variety of resource or property usages, such as minerals, patents, copyrights, and trademarks. Royalties are paid in every industry and can be a lump sum, variable royalty, or combination of both. A royalty audit focuses on variable royalties. Estimates of annual royalty payments are in excess of $1 trillion dollars. Depending on the industry, Big 4 firms have reported that royalty audits commonly disclose under-reporting in excess of 10%, with the highest percentage monetary under-reporting from trademark royalty audits and the lowest from regulated pharmaceuticals.

USING THE TERM ROYALTY AUDIT

License agreements commonly use the term royalty audit or right to audit. To a CPA, an audit is an independent examination of financial statements in which a financial fairness opinion is expressed. A royalty audit is not an independent examination of financial statements as defined by the AICPA and does not deal with many aspects of a financial statement audit, such as materiality or an expression of an opinion. The CPA royalty auditor needs to work within an agreement's "audit" terms and, therefore, must be conscientious of this difference in communications to ensure that the use of the word audit does not lead the reader to believe that a royalty audit is the same as a financial statement audit.

So as to not give the perception that a royalty audit is a financial statement audit, the CPA should note to the client in an engagement letter or other communication that the royalty audit is not an independent audit. Further, the third party being audited, often a licensee, should also be informed by the CPA that the royalty audit is not a financial statement audit as defined by AICPA professional standards.

USING THE TERM ROYALTY AUDITOR

Many states have regulations regarding the use of the word auditor. Generally, state regulations indicate that only a CPA may present themselves to the public as an auditor. Further, there is a perception that an auditor's work is, by definition, independent.

To help avoid confusion, when conducting a royalty audit, the CPA should refer to himself or herself as a royalty auditor and not just an auditor. The language of being a royalty auditor should be presented with language identifying the standard or standards under which the work is being performed, namely either under AICPA Statements on Standards for Attestation Engagements (SSAEs) or the much more common AICPA Statement on Standards for Consulting Services (SSCS) No. 1, Consulting Services: Definitions and Standards (AICPA, Professional Standards, CS sec. 100), which do not require independence.

INDEPENDENT AUDITOR REQUIREMENTS IN A CONTRACT

Most royalty audits are conducted under a "right-to-audit" clause in a license agreement. This clause often states that the royalty audit is to be conducted by an "independent auditor." Under AICPA guidelines, an independent auditor is a royalty auditor performing work under the SSAEs. When a royalty agreement requires an independent audit, the CPA almost always performs the work under SSCS No. 1, resulting in a royalty audit that is not independent under AICPA professional standards. Further, generally, the royalty auditor has not informed the licensor and licensee of the discrepancy between the independence license agreement language and the procedures actually performed. The reason for this is sometimes due to the niche or full-time royalty auditor not having training in performing work under the SSAEs.

Many licensors or their legal counsel will interpret "independent auditor" to mean the royalty auditor cannot be a licensor employee. However, I have seen more than one litigation in which royalty audit findings have been disallowed because the licensee has successfully argued that the royalty audit was not conducted by an independent CPA as required by the terms of the license agreement. The royalty auditor should consider and possibly consult with his or her counsel about the license agreement words "independent auditor" in the view of AICPA professional standards and not simply take his or her client's interpretation.

If an independent auditor is required by the license agreement and the royalty auditor intends to perform the work under SSCS No. 1, then the royalty auditor should inform both the licensor and licensee that the royalty audit will be conducted under SSCS No. 1 prior to the start of substantial work.

PERFORMING A ROYALTY AUDIT UNDER ATTESTATION STANDARDS AS AN INDEPENDENT AUDITOR

The requirements for performing a royalty audit under the SSAEs are very strict, and there are very few royalty auditors qualified to perform royalty audits under these independence standards. Generally, AICPA attestation standard royalty audits are only conducted when a royalty audit is performed for a financial statement client. Less than about 2% of all royalty audits are performed under the SSAEs. This 2% is important to recognize because more than about 25% of license agreements require the audit to be performed by an independent auditor. As such, the risk for noncompliance with contract terms of independence is high amongst royalty audit professionals.

SSAEs procedures for royalty audits will not be discussed in this article due to their complexity.

PERFORMING A ROYALTY AUDIT UNDER CONSULTING STANDARDS

Royalty audits are almost always conducted under SSCS No. 1, which defines the services as follows: "Advisory services, in which the practitioner's function is to develop findings, conclusions, and recommendations for client consideration and decision making."

There are seven applicable AICPA standards for a royalty audit conducted under SSCS No. 1. The first four standards are contained in the "General Standards Rule" of the AICPA Code of Professional Conduct and are applicable to both attestation and consulting standards. The remaining three are contained in the "Compliance With Standards Rule" of the AICPA Code of Professional Conduct and are specific for consulting services.

The AICPA general standards of the accounting profession are contained in the "General Standards Rule" (AICPA, Professional Standards, ET secs. 1.300.001 and 2.300.001), as follows:

• Sufficient relevant data - Obtain sufficient relevant data to afford a reasonable basis for conclusions or recommendations in relation to any professional services performed.
• Planning and supervision - Adequately plan and supervise the performance of professional services.
• Due professional care - Exercise due professional care in the performance of professional services.
• Professional competence - Undertake only those professional services that the member or the member's firm can reasonably expect to be completed with professional competence.

The AICPA general consulting standards promulgated to address the distinctive nature of consulting services established under the "Compliance With Standards Rule" (AICPA, Professional Standards, ET secs. 1.310.001 and 2.310.001) are as follows:

• Client interest - Serve the client interest by seeking to accomplish the objectives established by the understanding with the client while maintaining integrity and objectivity.
• Understanding with client - Establish with the client a written or oral understanding about the responsibilities of the parties and the nature, scope, and limitations of services to be performed and modify the understanding if circumstances require a significant change during the engagement.
• Communication with client - Inform the client of (a) conflicts of interest that may occur pursuant to interpretations of the "Integrity and Objectivity Rule "of the AICPA Code of Professional Conduct, (b) significant reservations concerning the scope or benefits of the engagement and (c) significant engagement findings or events.

SUFFICIENT RELEVANT DATA

The "Sufficient Relevant Data" standard states the following: "Obtain sufficient relevant data to afford a reasonable basis for conclusions or recommendations in relation to any professional services performed."

The royalty auditor must gain sufficient relevant data to make a competent damages computation. Too often, the royalty auditor incorrectly considers only data beneficial for his or her client and ignores data beneficial to the thirdparty licensee being audited. It is the royalty auditor's obligation to ensure all relevant data is considered and to try not to increase damages in a biased manner. Bias can be observed when the CPA is working to satisfy the needs of the client while sacrificing professional requirements.

One area of high risk where a royalty auditor may not gain sufficient relevant data relates to obtaining an adequate understanding of the license agreement. It is a mistake for a royalty auditor to interpret a contract's terms and conditions. Rather, the royalty auditor should read the contract to gain an understanding of the terms and conditions and then should seek verification or guidance of his or her understanding from the licensor and licensee, especially when the terms are ambiguous.

Under SSCS No. 1, the royalty auditor should not blindly accept the client's definition of an agreement because to do so could be a lack of professional skepticism. If there is a difference about a contract's interpretation, it would be appropriate to present findings or damages using opposing sides' interpretations of the royalty agreement; however, this is not a requirement. In this process, the royalty auditor should avoid making what appears to be a legal conclusion.

PLANNING AND SUPERVISION

The "Planning and Supervision" standard requires adequate planning. Adequate planning would necessitate gaining an understanding from the licensor on the interpretation of the contract. Further, although not required, planning often is documented in a work plan and, at a minimum, there should be planning documented in the working papers.

A work plan helps demonstrate advance planning by creating procedures to be performed. It is not necessary that the planned procedures be performed, and often, the planned procedures are completely changed during the course of a royalty audit performed under SSCS No. 1.

Although an engagement letter is not required, an engagement letter with procedures that may be performed helps to ensure there is documentation of planning.

DUE PROFESSIONAL CARE

The AICPA, under AU-C230, describes due professional care. This description is geared primarily towards auditors performing independent audit work; however, the definitions also are applicable to understand due professional care for work performed under consulting standards. The AICPA states the following:

An auditor should possess "the degree of skill commonly possessed" by other auditors and should exercise it with "reasonable care and diligence."

Due professional care requires the auditor to exercise professional skepticism. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. The auditor uses the knowledge, skill and ability called for by the profession of public accounting to diligently perform, in good faith and with integrity, the gathering and objective evaluation of evidence.

Exercising due professional care includes professional responsibilities such as adequate planning, and gaining an understanding of the contract that is the subject of the royalty audit during the planning phase and throughout the course of the engagement.

CLIENT INTEREST

The "Client Interest" standard requires the royalty auditor to serve the objectives of the client while maintaining integrity and objectivity. Royalty auditors risk not maintaining integrity and objectivity if they engage in contract interpretations or compute damage calculations not supported by the license agreement or associated data. It is possible for the royalty auditor to serve the licensor client's interests and disagree with the licensee when there is a licensee disagreement. Such a disagreement should be reported to the client licensor, often in the report or an email, so there is an appearance of objectivity. Objectivity does not require the royalty auditor to calculate damages under opposing viewpoints. The royalty auditor can present the damage calculation in an objective manner by using only the licensor client's interpretation of the agreement, provided the data used support the calculation. However, this does not relieve the royalty auditor of his or her responsibility to notify his or her licensor or client that the licensee disagrees with the calculation.

As mentioned previously, the royalty auditor should not interpret the license agreement. A royalty auditor who interprets a license agreement risks losing both integrity and objectivity. There is a difference between reading the actual language of a royalty agreement and applying that language, and inventing or speculating on the language of a royalty agreement. Speculation can lead to interpretation.

UNDERSTANDING WITH CLIENT

This standard requires the royalty auditor to establish with the client a written or oral understanding of the nature, scope, and limitations of the services to be performed.

Although not required, this is best accomplished with a written engagement letter. Other forms of communication, such as emails, also are acceptable. The auditor should not wait for the report to be issued before communicating the nature, scope, and limitations of the engagement.

COMMUNICATION WITH CLIENT

The "Communication With the Client" standard is best followed by issuing a report; however, there are instances when a royalty agreement states that no report shall be issued and further limits communications to only a damages amount. In such an instance, the royalty auditor should document in his or her working papers that both the licensor client and licensee require that a report not be issued, only a damages amount.

If a client requests that a report is not issued because, for example, there are no findings from the royalty audit so the client does not want to pay for a report, then the auditor should document in the working papers that the client does not require a report. The royalty auditor should also communicate with the client and confirm that no report is to be issued.

CONCLUSION

A CPA must be certain to follow the applicable AICPA attestation or consulting standards when conducting a royalty audit. Royalty audits require a high degree of expertise and professional competence and should only be performed under the supervision of a qualified and experienced royalty auditor. Performing a royalty audit under SSCS No. 1 instead of the attestation standards reduces professional competency risks to CPAs. However, even under SSCS No. 1, certain professional responsibilities must be maintained to avoid disciplinary actions and legal liability from both parties to a royalty agreement.