The Public Company Accounting Oversight Board (PCAOB) has proposed changes to its auditing standards that would significantly expand auditors’ responsibilities and oversight of a company’s noncompliance with laws and regulations. If adopted as proposed, the rules would require auditors to play an active role in identifying, assessing and responding to noncompliance with laws and regulations, and would broaden the scope of auditor oversight to include such noncompliance. While the proposal seeks to modernize standards that were last updated in 1988, the scope and nature of the proposed changes have raised concerns.
Two PCAOB Board Members with accounting and/or audit backgrounds—Duane DesParte and Christina Ho—have raised concerns about the proposed amendments, and those concerns have been echoed in comment letters submitted to the PCAOB. The concerns, which we believe to be well-founded, include the likelihood that the proposed changes would place undue burdens on auditors to duplicate existing internal compliance procedures and processes and other management functions, require auditors to make substantive judgments on legal and compliance matters requiring skills, knowledge and expertise beyond their professional competencies, and increase risk to the attorney-client privilege by significantly expanding the sharing of information around sensitive topics that are very likely to be the subject of attorney advice between companies and their auditors. The proposed rules would also likely significantly increase the costs of audits, including legal costs to ensure auditors are properly complying with the rules.
The key proposed changes include:
- Adopting an expansive definition of “noncompliance with laws and regulations” that includes any “act or omission, intentional or unintentional, by the company whose financial statements are under audit, or by the company’s management, its employees, or others that act in a company capacity or on the company’s behalf, that violates any law, or any rule or regulation having the force of law” other than personal conduct by company personnel unrelated to the company’s business activities, whether or not such acts or omissions are perceived to have a material effect on the financial statements.
- Establishing specific requirements under AS 2405 for the auditor to (i) plan and perform procedures to identify the laws and regulations which could reasonably have a material effect on the financial statements if not complied with, (ii) assess and respond to risks of material misstatement of financial statements due to noncompliance with those laws and regulations, and (iii) identify whether there is information indicating that noncompliance with those laws and regulations has or may have occurred.
- Enhancing existing risk assessment procedures under AS 2110 to include, among other things, (i) understanding the company and its environment, including the regulatory environment, (ii) understanding management’s processes related to preventing, responding to and disclosing noncompliance with laws and regulations, and (iii) making specific inquiries of management, the audit committee and others regarding noncompliance with laws and regulations.
- Requiring auditors, in the event of noncompliance, to determine whether senior management has taken timely and appropriate remedial action, including conducting or cooperating with internal investigations, taking disciplinary action against involved personnel, seeking restitution, adopting preventive or corrective company policies or modifying specific control activities.
The comment window for the PCAOB’s proposal closes on August 7, 2023. Additional information regarding the rulemaking process and submitted comment letters can be found here.
This post comes to us from Wachtell, Lipton, Rosen & Katz. It is based on the firm’s memorandum, “PCAOB Proposal to Expand Auditors’ Oversight Role Raises Concerns,” dated July 31, 2023.