The Public Company Accounting Oversight Board has issued two sets of proposed revisions to the public company auditing standards. These proposals, if adopted, could significantly affect the scope of the auditor’s work, the range of issues auditors raise with audit committees, and the cost of public company audits.
General Responsibilities of the Auditor
On March 28, the Public Company Accounting Oversight Board issued for public comment General Responsibilities of the Auditor in Conducting an Audit, a release that proposes a new auditing standard, AS 1000. If adopted, AS 1000 would reorganize and consolidate existing PCAOB standards that address the core principles and responsibilities of the auditor, such as reasonable assurance, professional judgment, due professional care, and professional skepticism. According to the PCAOB release announcing the proposal, AS 1000 and the related amendments “are designed to streamline and clarify general principles and responsibilities of auditors and provide a more logical presentation, which would enhance the useability of the standards by making them easier to read, understand, and apply.” The public comment period on the proposal ended May 30, 2023.
In the PCAOB’s view, proposed AS 1000 would not make fundamental changes in the auditor’s responsi-bilities. However, it appears that, in at least one respect, the proposal could change the issues an auditor must consider in determining whether to issue a clean audit opinion and could lead to disagreements with management and discussion with the audit committee concerning financial statement presentation.
At present, and under the proposal, the auditor expresses an opinion on whether the financial statements “present fairly” in all material respects the company’s financial position and results of operations “in conformity with the applicable financial reporting framework.” Under the existing standards, the auditor's judgment concerning fair presentation is made in the context of generally accepted accounting principles -- GAAP. Under the proposal, the auditor would be required to evaluate, in addition to GAAP conformity, whether “the information in the financial statements is presented and classified appropriately and in a manner that would be informative and not misleading to a reasonable investor” and whether “transactions and relevant events and conditions are appropriately recognized, measured, and disclosed in the financial statements.” The PCAOB’s release explains that these amendments would “clarify” that the auditor’s determination of fairness “goes beyond” evaluation of whether the financial statements are presented in “mere technical compliance” with the applicable financial reporting framework.
By decoupling the concept of fair presentation from GAAP compliance and introducing judgmental issues like what would be “informative and not misleading” and “appropriate,” the proposal seems to open potential areas for disagreement between auditors and management concerning financial statement presentation, notwithstanding that there is no dispute that the statements are in accordance with GAAP. Even if the auditor issues a clean audit opinion, these kinds of judgmental questions are likely to be brought to the audit committee and may become the basis for public disclosure in the auditor’s report as critical audit matters. (This and other issues raised by the PCAOB’s General Requirements proposal are discussed in my post on The Audit Blog, The PCAOB’s “Modest Proposal” to Modernize the Foundations of Auditing.)
NOCLAR
On June 6, the Board, by a 3-2 vote, issued for public comment Amendments to PCAOB Auditing Standards related to a Company’s Noncompliance with Laws and Regulations. This proposal would amend the auditing standards related to the auditor’s responsibility for considering a company’s noncompliance with laws and regulations (NOCLAR). In her public meeting statement explaining the proposal, PCAOB Chair Erica Williams observed that a “company’s noncompliance with laws and regulations, including fraud, can have devastating consequences for investors. When sanctions, fines, and civil settlements directly affect a company’s bottom line, or reputational damage causes a company’s stock value to decline, innocent investors pay a price. * * * [W]e’ve seen far too many examples of investors getting hurt due to noncompliance with laws and regulations.”
Current PCAOB standards require the auditor to perform procedures designed to provide reasonable assurance of detecting illegal acts that would have “a direct and material effect” on the determination of financial statement amounts. However, the auditor is not required to include audit procedures designed to detect illegal acts with an “indirect effect” on the financial statements. The PCAOB’s proposal would discard the distinction between direct and indirect effects of illegal acts on the financial statements and instead broadly require auditors to identify and evaluate information indicating that noncompliance with laws and regulations, including fraud, has or may have occurred and to communicate such information to management and the audit committee.
The NOCLAR proposal would replace current PCAOB auditing standard AS 2405, Illegal Acts by Clients, with a new standard, AS 2405, A Company’s Noncompliance with Laws and Regulations. Among other things, the new standard would delete the term “illegal acts” and instead refer to “noncompliance with laws and regulations.” The new standard would expand the auditor’s obligation to plan and perform audit procedures to (1) identify laws and regulations with which noncompliance could reasonably have a material effect on the financial statements; (2) assess and respond to risks of material misstatement of the financial statements due to noncompliance with those laws and regulations; and (3) identify whether there is information indicating such noncompliance with those laws and regulations has or may have occurred. Auditors would also have enhanced obligations to evaluate of information related to noncompliance, including evaluating the timeliness and appropriateness of management’s remedial actions, and to communicate information indicating noncompliance has or may have occurred to management and the audit committee.
According to the PCAOB press release announcing the NOCLAR proposal, it would strengthen and enhance auditor obligations related to noncompliance with laws and regulations in three respects:
Identify – The proposal would establish specific requirements for auditors to proactively identify – through inquiry and other procedures – laws and regulations that are applicable to the company and that could have a material effect on the financial statements, if not complied with. The proposal also makes explicit that financial statement fraud is a type of noncompliance with laws and regulations.
Evaluate – The proposal would strengthen requirements related to the auditor’s evaluation of whether noncompliance with laws and regulations has occurred, and if so, the possible effects on the financial statements and other aspects of the audit. For example, the proposed standard would require the auditor to consider whether specialized skill or knowledge is needed to assist the auditor in evaluating information indicating noncompliance has or may have occurred.
Communicate – The proposal would make it clear that the auditor is required to communicate to the appropriate level of management and the audit committee as soon as they [i.e., auditors] are made aware that noncompliance with laws or regulations has or may have occurred. Additionally, the proposal would create a new requirement that the auditor must communicate to management and the audit committee the results of the auditor's evaluation of such information. Specifically, this communication would address which matters are likely noncompliance and the effect on the financial statements.
Under the existing auditing standards, the auditor must communicate with the audit committee after an illegal act has come to the auditor’s attention. The proposal would create more detailed and specific communications requirements, potentially including three types of communications with the audit committee or full board regarding noncompliance with laws or regulations.
The auditor would to be required to communicate with management and the audit committee “as soon as practicable” upon becoming aware of information suggesting that legal noncompliance “has or may have occurred.” Thus, the audit committee would have to be informed even in cases where the auditor suspects – but has not actually determined – that some type of noncompliance has, or is likely to have, occurred and regardless of any financial statement impact.
A second audit committee communication would be required after the auditor has evaluated the information indicating that noncompliance may have occurred. The auditor would be required to communicate to management and, unless the matter is clearly inconsequential, to the audit committee the results of the auditor’s evaluation. This second communication would be required to identify likely instances of noncompliance and whether there is a material effect on the financial statements.
The auditor would also be required to communicate to the full board of directors when the auditor concludes (a) the likely noncompliance has a material effect on the financial statements; (b) senior management has not taken, and the board of directors has not caused senior management to take, timely and appropriate remedial action with respect to the likely noncompliance; and (c) the failure to take remedial action is reasonably expected to warrant departure from an unqualified opinion or resignation from the audit engagement.
The two CPA members of the PCAOB dissented from issuance of the NOCLAR proposal. In her statement, at the meeting during which the NOCLAR proposal was approved, Board Member Christina Ho characterized the proposal as “a breathtaking expansion of the auditors’ responsibilities, which I believe will hurt investors.” She pointed specifically to the effort that would be necessary for auditors to identify all laws and regulations applicable to the public company under audit and to the fact that such an undertaking would transform the auditor’s role “from one of providing reasonable assurance to one of performing a manage-ment function.” She also predicted that the proposal would “significantly expand auditors’ need for expertise from lawyers, legal experts, and possibly other specialists, resulting in a substantial increase in audit fees.”
Board Member DesParte’s statement raised similar objections. In particular, he emphasized that the proposal would require auditors “to identify any and all information that might indicate instances of noncompliance of any law or regulation across the company’s entire operations, without regard to materiality. * * * This is well beyond both the scope of the financial statement audit and the auditor’s core competency; and will trigger the need—at great cost-- to significantly increase the use of lawyers and others as specialists on many, if not all PCAOB audit engagements on a recurring basis.” As to the proposed audit committee communications requirements, he stated:
“It is questionable whether it would be useful or a distraction to the Audit Committee for the auditor to communicate information indicating potential noncompliance prior to the auditor’s evaluation of whether the noncompliance has likely occurred or of any financial statement impacts (vs. only reporting matters deemed likely to have occurred and/or to have material financial statement implications).”
The public comment period on the NOCLAR proposal is open until August 7, 2023.
Comment: As discussed above, both PCAOB proposals could, if adopted, affect audit committees by expanding the scope and nature of financial reporting and legal compliance issues that auditors would be required to bring to the committee’s attention. In some ways, audit committees might benefit from this wider range of input and insight from the auditor. For example, while it may be difficult for auditors to reach conclusions as to whether GAAP financial statements are “appropriate” and optimally informative, these are the kinds of questions that audit committees (and of course management) should consider. On the other hand, as Board Member DesParte’s comments suggest, the NOCLAR proposal seems to have the potential to flood audit committees with a mass of information concerning possible legal violations that may or may not have occurred and that may or may not be significant from a financial reporting perspective. Shifting through these types of matters – which would likely be necessary once the committee is on notice of them – does not seem like an effective use of audit committee time and resources.
Because of their potential impact, audit committees may wish to ask their auditor or legal counsel to keep the committee informed of the progress of these two PCAOB initiatives.