“By catching and communicating noncompliance sooner, auditors can help companies course correct and better protect investors from risk,” said the Public Company Accounting Oversight Board (PCAOB) Chair Erica Y Williams as the regulator issued a new proposal for public comment. The PCAOB wants to amend PCAOB auditing standards related to the auditor’s responsibility for considering a company’s noncompliance with laws and regulations, including fraud.
If adopted, the proposal would strengthen auditor requirements to identify, evaluate, and communicate possible or actual noncompliance with laws and regulations. The deadline for public comment on the proposal is August 7.
The proposal seeks to strengthen and enhance auditor obligations related to a company’s noncompliance with laws and regulations in three key respects.
- Identify laws and regulations: The proposal would establish specific requirements for auditors to proactively identify – through inquiry and other procedures – laws and regulations that are applicable to the company and that could have a material effect on the financial statements, if not complied with. The proposal also makes explicit that financial statement fraud is a type of noncompliance with laws and regulations.
- Evaluate effect on financials, skillsets: The proposal would strengthen requirements related to the auditor’s evaluation of whether noncompliance with laws and regulations has occurred, and if so, the possible effects on the financial statements and other aspects of the audit. It would require the auditor to consider whether specialized skill or knowledge is needed to assist the auditor in evaluating information indicating noncompliance has or may have occurred.
- Communicate to management, board: The proposal would make it clear that the auditor is required to communicate to the appropriate level of management and the audit committee as soon as they are made aware that noncompliance with laws or regulations has or may have occurred.
Additionally, the proposal would create a new requirement that the auditor must communicate to management and the audit committee the results of the auditor’s evaluation of such information. Specifically, this communication would address which matters are likely noncompliance and the effect on the financial statements for those matters that are likely noncompliance.
The PCAOB says that by requiring auditors to identify and communicate noncompliance sooner, the proposed amendments, if adopted, would encourage companies to take more timely remedial actions, reducing investor harm caused by legal and regulatory penalties, and lowering the likelihood that financial statements are materially misstated.
Closeup of some of the changes
Under current rules, auditors of public companies need to identify “illegal acts” that could reasonably have a direct and material impact on the financial statements of their clients.
The proposal seeks to replace “illegal acts” with “noncompliance with laws and regulations,” to broaden this identification requirement, plus it expressly includes fraud within the definition of such noncompliance, and mandates such an identification regardless of whether the impact on financial statements is direct or indirect.
“[I]t is the auditor’s responsibility to proactively be on guard for all noncompliance that may have a material impact on the financial statements.”PCAOB Chair Erica Y Williams
The proposal expands the auditor’s requirement to communicate information about suspected noncompliance to management and the audit committee, including an expectation that the auditor will report the full results of the auditor’s evaluation.
It clarifies that auditors must evaluate the implications for the audit when transactions or relationships with a related third party indicate noncompliance has or may have occurred, regardless of whether that information was disclosed by the company to the auditor or not.
And it goes further than current rules in obligating auditors to assess whether outside experts must be consulted to evaluate information once they have become aware a client might have violated a law or regulation. Current standards require auditors to consult with such specialists only if corporate executives don’t sufficiently show the company did not commit an illegal act.
Williams said the existing standard could be interpreted to allow auditors to have limited responsibilities with respect to noncompliance with certain laws and regulations unless they happen to stumble on the information.
“[I]t is the auditor’s responsibility to proactively be on guard for all noncompliance that may have a material impact on the financial statements,” she said.