The PCAOB’s proposal to broaden the scope of the auditor’s responsibilities for audit client noncompliance with laws and regulations (NOCLAR) is attracting an unusually high level of comment from audit committee members. Overwhelmingly, but not unanimously, audit committee members that have submitted views to the PCAOB oppose the NOCLAR proposal.
In June, the PCAOB issued for public comment a proposal to amend the auditing standards related to the auditor’s responsibility for considering a company’s noncompliance with laws and regulations. See PCAOB Proposes to Expand Auditor Responsibility for Financial Statement Fairness and for Legal Compliance, May-June 2023 Update. Current PCAOB standards require the auditor to perform procedures designed to provide reasonable assurance of detecting illegal acts that would have “a direct and material effect” on the determination of financial statement amounts. The proposal would discard the distinction between direct and indirect effects of illegal acts on the financial statements and instead broadly require auditors to identify and evaluate information indicating that noncompliance with laws and regulations, including fraud, has or may have occurred and to communicate such information to management and the audit committee.
Under the new standard, if adopted, the auditor would be required to plan and perform audit procedures to (1) identify laws and regulations with which noncompliance could reasonably have a material effect on the financial statements; (2) assess and respond to risks of material misstatement of the financial statements due to noncompliance with those laws and regulations; and (3) identify whether there is information indicating such noncompliance with those laws and regulations has or may have occurred. The Board approved the NOCLAR proposal by a 3-2 vote, with the two CPA members dissenting. Board Member Christina Ho characterized the proposal as “a breathtaking expansion of the auditors’ responsibilities, which I believe will hurt investors.”
Audit Committee Member Comments
As of August 31, the Board had posted 137 NOCLAR public comments on its website. Fourteen of the comments express the views of audit committee members. Three are letters from groups of audit committee members or organizations summarizing the views of their audit committee members; six are from individual audit committee members; two were submitted on behalf of public company audit committees; and three are company comments in which the audit committee or its chair joined. Below is a sample of the views expressed in these comments.
1. Group Comments
A. Audit Committee Chairs, Members, and Board Members. This letter, which is signed by 170 individuals, states that it “represents the views of audit committee chairs and members, as well as other corporate board members.” The Center for Audit Quality (CAQ) organized the letter, facilitated audit committee chairs and members across various industries in joining in the letter, and submitted it to the PCAOB on behalf of the participants. The signatories are concerned that:
The proposed scope is too broad. (“The proposed requirement that auditors identify ‘laws and regulations with which noncompliance could reasonably have a material effect on financial statements’ is duplicative and unnecessary.”)
The proposal does not sufficiently take into account a company’s existing compliance function and the shared responsibility of the board of directors, the audit committee, the chief compliance officer, and the general counsel.
Auditors are not lawyers and as a result the proposed amendments would expand the auditor’s role to include knowledge and expertise outside their core competencies.
The proposal will substantially increase the cost of the audit without a commensurate benefit.
The letter also states that this group believes that:
Any change should keep the auditor focused on NOCLAR that could materially impact the financial statements, such as material penalties or loss contingencies.
Any requirement of the auditor should be risk-based and consider the role the company’s compliance program plays in detecting NOCLAR that could be material to the audited financial statements.
B. The Audit Committee Council (ACC). The ACC letter expresses the views of a CAQ advisory committee comprised of audit committee chairs and members. The ACC makes five points:
Proposed scope is too broad. “The proposed amendments would require auditors to identify ‘laws and regulations with which noncompliance could reasonably have a material effect on financial statements.’ To do this an auditor would first be required to identify all the laws and regulations applicable to the company. The largest of public companies are subject to a vast number of laws, regulations, etc.”
Auditors are not lawyers. The proposal would require skills, knowledge, and expertise that lie outside the auditor’s core competencies. “Broadening the scope of the laws and regulations for which the auditor considers whether non-compliance could reasonably have a material impact on the financial statements beyond the finite laws and regulations for which auditors have an understanding (e.g., financial, tax, etc.) does not seem to be consistent with the objectives of a financial statement audit.”
Existing three lines of defense within companies. “By design a significant control element of compliance with laws and regulations appropriately rests with the three lines of defense within corporations. * * * External auditors do not represent a large percentage of identified frauds because compliance programs are operating at a sophisticated level such that wrongdoings and/or potential wrongdoings are detected independent of the external auditor’s procedures.”
Increase risk to legal privilege. Sharing of information related to legal compliance with the auditor “would increase risk to the legal privilege issuers have with their internal and external counsels.”
The ACC recommendations that the PCAOB broaden its procedures for stakeholder input beyond the comment letter process to include “audit committee roundtables, individual out-reach, and surveys” to make the standard setting process more accessible to audit committee members and to obtain input “prior to publishing a significant proposal such as NOCLAR.”
C. Tapestry Networks (Tapestry). Tapestry’s letter states that Tapestry convened a selection of audit committee chairs who participate in its U.S. Audit Committee Networks and Audit Committee Leadership Network to discuss the NOCLAR proposal. (EY sponsors Tapestry’s U.S. audit committee networks but did not participate in the discussion.) Tapestry’s letter reflects the dialogue with these audit committee chairs. Tapestry discusses six “overarching themes” and five “specific concerns.” The overarching themes are:
Clarity of intent. Most audit committee chairs would like to see greater clarity from the PCAOB about the intent and focus of the proposed changes.
Open discussions with the external auditor. An audit chair is quoted as commenting that “these proposals could have a chilling effect on audit quality gains made in the last five to ten years and the stronger relationship between audit committees and the external auditor.”
Expectations gap. Audit committee chairs felt that the proposed changes could further widen the gap between what auditors are required to do in a financial statement audit and what stakeholders expect auditors to do.
Role of the SEC. Audit committee chairs asked whether the SEC was better positioned than the PCAOB to address NOCLAR issues.
Impact on the audit profession. An audit chair expressed concern about “the effect of the proposed changes and the increase in the auditor’s responsibilities on the profession more broadly, which is already challenged for talent and skills.”
The specific concerns are:
The proposals do not take other regulators or existing compliance functions into account.
The proposals would require inordinate efforts to build new systems and procedures.
Legal matters are complex and constantly evolving, and there may be issues around privilege.
The proposals fail to take account of the [audit and risk] committees’ existing scope and activities.
Auditors may not have the expertise to comply with the new requirements.
2. Individual Audit Committee Member Comments
Six individuals who described themselves as audit committee chairs or members submitted comments. Five of the six were critical of the proposal. For example:
Vanessa C.L. Chang. “The Proposal to expand auditing standards also expands the liability and responsibility of the Audit Committee in their oversight of the auditors who are not qualified to conclude on noncompliance of the laws and regulations applicable to the company.”
Donna Harman. “This proposed rulemaking is a gross over-reach of the PCAOB’s legitimate role of ensuring proper auditing to protect the public’s interest. It is duplicative and conflicting with other local, state and federal government agencies’ oversight and enforcement respons-ibility. Accountants are not equipped to judge compliance with all rules and laws * * *.”
However, one audit committee chair expressed strong support: “Where we are today is not adequate. It’s not even in the neighborhood of adequate. I strongly support the expansion of auditor responsibility to consider instances of noncompliance and their potential impact on the financial statements whether those impacts are direct or indirect.” Jon Lukomnik.
3. Audit Committees and Public Company Comment with Audit Committee Concurrence
Two comments were submitted on behalf of the entire membership of the audit committee of specific companies. (Audit Committee of Microchip Technology Incorporated, Audit Committee of Primerica, Inc.) In addition, in three cases, the audit committee chair or full committee submitted or joined in comments on behalf of the public company. (The Williams Companies, World Kinect Corporation, Stewart Information Services Corporation). All five of these comments opposed the NOCLAR proposal.
Comment: The PCAOB’s comment file indicates that the great majority of audit committee members who commented do not support the NOCLAR proposal, at least in its current form. Regardless of one’s views on the benefits of greater auditor responsibility to identify legal violations, it seems clear that the proposal would significantly increase the scope of the auditor’s responsibilities, the cost of the audit, and the volume of information concerning possible legal violations that would be brought to the audit committee’s attention. Sifting through this information would place new demands on audit committee time and resources.
In light of the comments received, it seems likely that the PCAOB will modify its NOCLAR proposal before moving to final adoption. Because of the potential impact on the audit committee’s work, committees should ask their auditor or legal counsel to keep them informed of the progress of this initiative.