PCAOB Standards Amendments Could Increase Auditor Responsibilities
Aug. 3, 2023
In early June, the Public Company Accounting Oversight Board (“PCAOB” or “the Board”) proposed comprehensive amendments that impact how auditors consider noncompliance with laws and regulations, creating the possibility of a massive shift in auditor responsibilities. The proposal also indicates that auditors have a heightened responsibility to identify fraud. The Board’s efforts are consistent with parallel regulatory efforts to push auditors, lawyers and other service providers to take a more aggressive view of their role as gatekeepers in stopping alleged wrongdoing and to bring enforcement actions in those who shirk their responsibility.
Notably, under current PCAOB standards, auditors are required to identify noncompliance with laws and regulations that have a direct and material effect on the financial statements. The amendments now also require auditors to consider noncompliance with laws and regulations that have an indirect effect.
The PCAOB grounded its proposal in research indicating that “that laws and regulations considered to have indirect effects on the financial statements, such as anti-money laundering regulations and environmental regulations, among others, can lead to substantial fines and penalties if violated.” One issue to consider is auditors typically examine all potential wrongful acts that could be implicated in a company’s business, so the reality of this provision is that potentially latent and tangentially related areas of law that have nothing to do with a company’s primary business can now be the source of enforcement actions. This is especially concerning as several agencies – including the Securities and Exchange Commission (“SEC”) which has oversight of the PCAOB – have recently pursued historically aggressive enforcement agendas.
This in conjunction with several questions included in the proposal indicate that auditors may have increased responsibility to consider regulations and laws related to digital assets, and new controversial SEC regulations such as the forthcoming climate disclosure rules, among many other rules.
As an example, the proposed amendments state,
“a company might provide the auditor with information related to its recent expansion of manufacturing operations in a location with new strict regulations on greenhouse gas emissions, including information about the regulatory environment. The auditor would consider the business risks of the new operations, including the regulatory environment, when assessing the risk of material misstatement in the financial statements. This consideration would include the potential for contingencies or reserves associated with the strict climate regulations.”
The proposed amendments also look further into how companies are complying with laws and regulations at the management level. Board Member and former SEC Commissioner Kara Stein cautions auditors must look to other sources outside of the company to audit the company’s legal compliance. Stakeholders should consider that this could empower third parties including the typical muckraking “due diligence research firms,” like Muddy Waters Research, which publishes supposed expose of company wrongdoing and have a mixed track record in accurate reporting. The auditors may need to make better use of third party research services to scour the internet on their own client.
Additionally, PCAOB is essentially requiring auditors to shadow as in-house counsel for their own clients. The proposal requires auditors to obtain an understanding of the regulatory environment and management’s processes related to identifying laws and regulations with which noncompliance could reasonably have a material effect on the financial statements.
More Modifications of Interest
Among other changes, the proposal would enhance current requirements by requiring auditors to:
- Establish specific requirements to understand management’s processes regarding compliance with laws and regulations, which can provide insight into the company’s control environment, and to identify, through inquiry and other procedures, laws and regulations applicable to the company with which noncompliance could reasonably have a material effect on the financial statements.
- Describe the nature of the laws and regulations that the auditor should understand as part of the audit.
- Plan and perform specified procedures, including risk assessment procedures, to identify whether there is information indicating noncompliance with laws and regulations has or may have occurred.
- Assess and respond to risks of material misstatement due to noncompliance with those identified laws and regulations with which noncompliance could reasonably have a material effect on the financial statements, which could enhance their ability to identify whether there is information indicating that noncompliance with such laws and regulations has or may have occurred.
Proposal Specifics
On a technical basis, the proposal would:
(1) Replace: Existing AS 2405, Illegal Acts by Clients (“Current AS 2405”), with a new AS 2405, A Company’s Noncompliance with Laws and Regulations (“Proposed AS 2405”);
(2) Amend: AS 2110, Identifying and Assessing Risks of Material Misstatement; and Other auditing and related professional practice standards; and
(3) Rescind:
AS 6110, Compliance Auditing Considerations in Audits of Recipients of Governmental Financial Assistance;
AI 13, Illegal Acts by Clients: Auditing Interpretations of AS 2405; and
AI 21, Management Representations: Auditing Interpretations of AS 2805.
Other Items of Note
Currently, AS 2405 operates in conjunction with the illegal acts provisions of Section 10A of the Securities Exchange Act of 1934, 15 U.S.C. § 78j-1 (“Exchange Act”). Previously, there were no procedures designed to detect illegal acts with an indirect effect on financial statements. The proposal, however, would change that presumption by “enhancing identification and communication obligations” that are in addition to the baseline identification and communication requirements set forth in Section 10A.
Further, while Section 10A does not apply to audits of SEC-registered brokers or dealers, the proposal extends the requirements of the statute and those additional obligations to all audits conducted under PCAOB standards, effectively capturing SEC-registered brokers or dealers.
The proposal broadens the wrongful acts potentially covered by replacing the term “illegal acts” throughout the standard with “noncompliance with laws and regulations” or what the Board has dubbed “NOCLAR.” The stated purpose of this proposed change is so that auditors do not interpret the term “illegal acts” to exclude instances of noncompliance perceived not to be significant enough to examine pursuant to the requirements in existing AS 2405 without considering the effect those instances could have on the financial statements.
While the Board interprets the current requirements to include any noncompliance by the company whose financial statements are under audit, Section 10A(a)(1) requires that issuer audits include “procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts.”
As noted, the proposal also makes explicit that fraud is a type of noncompliance with laws and regulations by including fraud, as described in AS 2401, Consideration of Fraud in a Financial Statement Audit, in the proposed definition of “noncompliance with laws and regulations.” The proposed amendments would also require the auditor to make specific inquiries of management, the audit committee, internal audit personnel and others regarding noncompliance with laws and regulations.
Looking Ahead
The Board is seeking comments on the proposed amendments until Aug. 7, 2023. Notably, two members of PCOAB dissented and took issue with the amendments, highlighting concerns with the practicability of putting such increased responsibility on the shoulders of auditors. Stakeholders have questioned what this means for compliance programs at public companies, and whether this new level of coordination with auditors will compound regulatory and legal costs and resources burdens. Depending on how PCOAB moves forward, public companies will need to consider some extensive and expensive shifts in how they are complying with and advocating related to regulatory proposals at the SEC and other regulators.
[bhfs.com]