SEC Chief Accountant Discusses Audit Committee Oversight of Other Auditors
SEC Chief Accountant Paul Munter has issued a statement in response to the increased use in audits of SEC reporting companies of accounting firms and individual accountants other than the lead auditor (“other auditors”). In Responsibilities of Lead Auditors to Conduct High-Quality Audits When Involving Other Auditors (March 17, 2023), Mr. Munter discusses the responsibilities of the lead auditor with respect to the work of other auditors and points out some of the risks and issues that can arise from their use. He also urges audit committees to actively engage with the lead auditor concerning the work of these firms and suggests questions that the audit committee should ask.
Use of Other Auditors
According to the Munter statement, in 2021, 26 percent of public company audit engagements involved the use of other auditors, often in countries with “different business cultures and languages from those of the lead auditor.” However, academic research indicates that the quality of the work of other auditors is inconsistent. “Such findings highlight the importance of the lead auditor’s role, and especially that of the lead engagement partner, to ensure investor protections by safeguarding against engagement performance failures due to inadequate planning, supervision, and oversight of other auditors.”
Both PCAOB enforcement actions and SEC staff observations have revealed “shortcomings” in lead auditors’ oversight of the work of other auditors. For example, a PCAOB case charged that the lead auditor used an affiliated audit firm to play a substantial role in an audit, but the affiliated firm was not registered with the PCAOB. In addition, the SEC staff has observed instances in which the lead auditor failed to accurately communicate the name, location, or planned responsibilities of other auditors to the audit committee. In some cases, the lead auditor’s Form AP (a PCAOB filing which is required to list other participating auditors) has contained inaccurate or omitted information regarding other auditors, such as failing to report the correct legal entity or inaccurately disclosing the audit hours incurred by other accounting firms.
The Importance of Quality Controls
The deficiencies can be the result of inadequate controls. Audit firms are required to have systems of quality control supervision that encompass the work of other auditors. “We remind all auditors, regardless of their role as either lead or other auditor, of the importance of the proper design and application of quality control policies and procedures to sufficiently reduce the risks to audit quality that are inherent in audits involving other auditors.”
The network structure of the large firms can also result in confusion regarding the use of other auditors. Many accounting firms operate within a network structured such that network member firms are distinct legal entities that may have different systems of quality control. Other stakeholders may not understand the network structure. For example, inaccurate or incomplete communications regarding other auditors may impact the audit committee’s ability to perform its responsibilities.
“[B]ecause many accounting firms operate within a network of separate accounting firms, instances of faulty or incomplete communication with the audit committee risks confusing or misleading the committee into thinking that the engagement involves a single registered public accounting firm rather than a lead audit firm and other auditors within the same network. Because audit quality may not be the same in all accounting firms within a network, clear, accurate communication with the audit committee about which firms performed the work and the steps the lead auditor took to drive greater consistency in audit quality throughout the performance of the engagement is critical to the audit committee’s ability to oversee and evaluate the performance of the independent audit firm.”
Mr. Munter adds that, while there are no requirements for network firms to apply the same quality controls across the network, there are benefits in doing so since “enforcement actions and adverse inspection results for one member firm could impact the reputation of the network as a whole.”
Mr. Munter also notes that the involvement of other auditors increases the risk of independence violations. In particular, non-U.S. network member may not sufficiently understand SEC and PCAOB independence requirements or have appropriate controls to prevent or detect violations. He recommends a firm-wide or network-wide approach to independence that “looks not only to the current impact of non-audit and business relationships on audit clients but also anticipates foreseeable future impacts, especially for those relationships that cannot be easily unwound.”
Audit committees “should be actively engaging with the lead auditor” to consider the sufficiency of the lead auditor’s policies and procedures around supervision and evaluation of the audit work performed by other auditors. Audit committees should also give “careful consideration to the lead auditor’s use of other auditors, especially in areas of significant risk.” The statement suggests several questions that audit committees may want to ask their auditor concerning the use of other firms:
Are there other participating accounting firms that play a substantial role in the audit?
If so, are they registered with the PCAOB and subject to PCAOB inspections?
How does the lead auditor supervise the audit work performed by other auditors?
How does the lead auditor ensure that the work is being performed by other auditors that understand the requirements of the applicable financial reporting framework and the PCAOB’s auditing and related professional standards?
Mr. Munter also warns public companies and their audit committees that the activities of other auditors can potentially result in the company committing a securities law violation: If an accounting firm that is not registered with the PCAOB plays a “substantial role” in a company’s audit (as defined in the PCAOB’s rules), the company’s financial statements would be considered not audited. As a result, “Any accompanying annual report, proxy statement, or registration statement containing or incorporating by reference such financial statements creates potential liabilities for the issuer and others and may result in time consuming and costly remediation efforts.” To protect against this possibility, management and the audit committee should discuss the PCAOB registration status of other auditors that participate in the audit with their lead auditor.
Comment: The fact that the Chief Accountant issued this statement indicates that oversight of the work of other auditors is an SEC concern. As a matter of professional standards, supervision of the participation of other auditors is a responsibility that falls to the lead auditor. It is however significant that Mr. Munter asserts that audit committees have a role to play in that oversight and pointedly reminds audit committees and public companies that the improper participation of other firms can, at least in theory, cause the reporting company to violate the securities laws.
Audit committees should be aware of the concerns Mr. Munter raises and should make his suggested questions part of their dialogue with the engagement partner. In the event of an audit breakdown involving a participating firm, the SEC may ask whether the company’s audit committee took any steps to engage with the lead auditor regarding the work of other firms.