The Center for Audit Quality has released, Illegal Acts: The External Auditor’s Responsibilities. This publication provides an overview of the auditor's responsibilities under the PCAOB’s auditing standards with respect to illegal acts and how those responsibilities differ from the auditor’s responsibility to detect fraud. The auditor’s responsibility for illegal acts is often misunderstood, and the CAQ’s publication provides a useful introduction to the topic for audit committee members and others.
The PCAOB’s auditing standards require the auditor to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. In contrast, the PCAOB’s standards normally do not require auditors to perform procedures designed to detect illegal acts. However, the performance of audit procedures may bring possible illegal acts to the auditor’s attention. When that happens, the auditor is required to obtain an understanding of the nature of the illegal act, the circumstances in which it occurred, and other information to evaluate any effect on the financial statements. The CAQ states that, in general, the potential impact of an illegal act on the financial statements falls into one of three categories:
The possible illegal act is not directly material to the financial statements and is not likely to have an indirect material financial statement impact (e.g., a company employee accepted a bribe from a supplier). Illegal acts that are immaterial to the financial statements may nonetheless raise audit-related issues concerning such matters as the company’s internal controls and ethical culture.
The possible illegal act is not directly material to the financial statements, but could have a material indirect impact (e.g., the illegal act requires consideration of the need for a loss contingency).
The possible illegal act has a direct material impact on the financial statements, requiring the auditor to respond as in the case of any material misstatement.
While outside the scope of the CAQ publication, audit committees should also be aware that Section 10A of the Securities Exchange Act imposes certain requirements on public company auditors with respect to illegal acts. Section 10A provides that financial statement audits “shall include * * * [p]rocedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statements amounts.” In addition, the Act requires that, whenever an auditor becomes aware that an illegal act may have occurred, regardless of impact on the financial statements, the auditor must inform the appropriate level of the management and assure that the audit committee (or the board of directors in the absence of an audit committee) is notified. In the case of an illegal act that has a material financial statement impact, if management and the board fail to take “timely and appropriate remedial action”, the auditor must report to the SEC.