PCAOB Focuses on Audit Committee Interactions with Auditors
- Thomas White, Jonathan Wolfman
- 8.27.2012
The Oversight Board (PCAOB)1 has recently taken two actions that address the interaction between and their companies’ independent auditors: First, it issued guidance for about the PCAOB’s firm inspection process. Second, it adopted, subject to approval by the Securities and Commission (SEC), a new auditing standard on auditor communications with .
Even though the PCAOB’s legal authority extends only to auditors, not their clients, these actions may significantly affect how carry out their financial reporting oversight role.
Guidance to About the PCAOB Inspection Process
On August 1, the PCAOB issued guidance for to assist them in understanding and using the PCAOB’s reports on its inspections of . Under the Sarbanes-Oxley Act, the PCAOB is required to conduct a program of inspections of based on review of selected engagements. The largest firms are inspected annually, others every three years. Sarbanes-Oxley requires the PCAOB to make public the results of its inspections, except for criticisms of a firm’s quality control systems, which are not made public unless the firm fails to remediate the quality control deficiencies within 12 months after the issuance of the PCAOB’s report.
The PCAOB’s release on Information for Audit Committees About the PCAOB Inspection Process2 discusses how the inspection program is implemented in practice and what the inspection reports cover. The release emphasizes that inspections cover certain aspects of selected and are not designed to review all of a firm’s or to identify every respect in which a reviewed may be deficient. The public portion of the report describes deficiencies in particular identified by the PCAOB during the inspection process. The non-public portion of an inspection report, according to the release, describes “deficiencies in the firm’s overall system of quality control such that the [PCAOB] has doubts that the system provides reasonable assurance that professional standards are met.”
Perhaps the PCAOB’s most important message in the release is that it views seriously the deficiencies that are identified in its inspection reports, and should view “with skepticism” statements by their auditor that may appear to minimize the significance of the deficiencies. According to the PCAOB, if it decides to report a deficiency, that means it has found that, as to certain procedures, “the firm did not satisfy its fundamental responsibility to obtain reasonable assurance about whether the financial statements are free of material misstatement.” Statements to the effect that a deficiency was “just a documentation problem,” that there was “a difference in professional judgment,” or that “the firm has addressed the criticisms in accordance with PCAOB standards” may not be complete or accurate characterizations of the PCAOB’s findings or the auditor’s response. At the same time, the PCAOB cautions against generalizing from the PCAOB’s description of specific deficiencies: “A PCAOB inspection report—regardless of whether it identifies a deficiency—does not mean that the firm's unreviewed work was, or was not, deficient. Thus, results reported in a PCAOB inspection report should not necessarily be understood to mean that the unreviewed work of the firm was deficient.”
The PCAOB also provides suggestions to about discussions the may have with their auditors about the inspection process. These may include discussions (during the conduct of the inspection and afterward) about specific inspection findings, such as:
- Whether the company’s was selected by the PCAOB for an inspection, and, if so, what is being looked at, and any deficiencies identified by the PCAOB;
- Whether the PCAOB has identified deficiencies in other that involved auditing or issues similar to those presented in the company’s and, if so, what has been done in response; and
- What were the firm’s responses to the PCAOB’s findings; in particular, did the firm agree with the PCAOB’s findings and, if not, why not, or if the firm did agree, what the firm did.
With respect to the PCAOB’s non-public quality control findings, the PCAOB acknowledges that many firms will be reluctant to share the details of the findings. But it suggests that the for generic information such as:
- What changes the firm is making to address any quality control deficiencies;
- What is the progress of the quality control remediation process;
- The inspected years about which the PCAOB has made a final determination about the firm’s remediation efforts and the nature of that determination; and
- Whether the PCAOB has provided initial indications that the firm may not have sufficiently remediated any items.
The PCAOB release is likely to be viewed as outlining best practices for in this area. should review the release carefully and include these matters on their agendas for communications with auditors.
Auditors’ Communications with About its
On August 15, the PCAOB adopted a new Auditing Standard No.16, Communications with Audit Committees (AS 16).3 AS 16 prescribes the communications that an auditor must make to the of its client. It replaces and expands upon Statement on Auditing Standards No. 61, the PCAOB’s prior auditing standard regarding communications.4 Subject to SEC approval, AS 16 will be effective for for periods beginning after December 15, 2012.
The new standard seeks to enhance the “relevance, timeliness and quality” of the information conveyed by the auditor to the , particularly with respect to the auditor’s assessment of significant risks of financial statement misstatement and other matters that could affect the integrity of the financial statements, and to promote constructive dialogue, as opposed to “check the box” communications, between the auditors and the . While the PCAOB emphasizes that it has no authority over as such, it expresses the view that the new standard should assist in fulfilling their oversight responsibilities.5
The matters auditors must discuss with the fall into several general areas, including appointment and of the auditor; obtaining information and communicating the strategy; results of the ; form and documentation of communications; and timing. Among other things, the new standard:
- Requires the auditor to obtain a written engagement letter, approved by the and executed on behalf of the company, that sets forth the terms of the engagement. The standard specifies various matters to be included in the letter, including the objective of the , the auditor’s responsibilities and management’s responsibilities;
- Requires the auditor to the whether it is “aware of matters relevant to the , including, but not limited to, violations or possible violations of laws or regulations;”
- Requires the auditor to provide specific information to the about the need for specialized skill or knowledge in the , and about the auditor’s plans to use internal auditors, company personnel or third parties, or to rely on other firms or other persons not employed by the auditor in performing aspects of the ;
- Prescribes communications regarding the results of the , including:
- Description and qualitative evaluation of aspects of significant policies and practices, including situations where the auditors identified possible “management bias;”
- Description and assessment of critical policies and practices;
- Description of and conclusions about critical estimates;
- Discussion of “significant unusual transactions,” i.e., transactions that are outside the normal course of business for the company or otherwise appear to be unusual due to their timing, size or nature; and
- Evaluation of the conformity of the company’s financial statement presentation with the applicable financial reporting framework;
- Specifies particular disclosures that the auditor must make regarding the auditor’s evaluation of the company’s ability to continue as a going concern; and
- Requires the auditor to disclose “difficult or contentious” matters for which the auditor consulted outside the engagement team (e.g., with the “national office”); situations where the auditor is aware that management consulted with other accountants and the auditor has identified a concern about such matters; disagreements with management, whether or not satisfactorily resolved; and difficulties encountered in performing the .
While the communications may be written or oral, the auditor is required to maintain documentation sufficient to establish that the communications were made. All communications must be made prior to issuance of the .
AS 16 is the first PCAOB standard adopted since the enactment in April 2012 of the Jumpstart Our Business (JOBS) Act. The provides that new auditing standards may be applied to of emerging growth companies only if the SEC specifically determines that the application of the standard “is necessary or appropriate in the public interest, after considering the protection of investors, and whether the action will promote efficiency, competition, and capital formation.” The PCAOB’s standard by its terms will apply to emerging growth companies, and the PCAOB will the SEC to approve its application to emerging growth companies.
As a general proposition, AS 16 codifies communications practices already followed by many auditors and . The PCAOB emphasizes that the standard does not create new substantive procedures; it just requires communications of the results of the procedures. Thus, while it may bring some degree of additional rigor into the interaction between auditors and the , AS 16 should not result in major changes in practice for most well-advised .
1 The PCAOB was established by the Sarbanes-Oxley Act to regulate firms that US public-company . Since passage of the in 2010, the PCAOB’s jurisdiction also extends to auditors of -.
2 PCAOB Release No. 2012-003 (August 1, 2012).
3 PCAOB Release No. 2012-004 (August 15, 2012).
4 Statement of Auditing Standards No. 61 (SAS 61) was originally promulgated by the American Institute of Certified Public Accountants. The Sarbanes-Oxley Act gave the PCAOB the power to prescribe auditing standards, and in 2003 the PCAOB adopted SAS 61, along with other AICPA standards, on an interim . See PCAOB Rule 3200T. In 2006, the AICPA adopted Statement of Auditing Standards No. 114, which superseded SAS 61. However, that standard does not apply to of US , which remain subject to SAS 61 as it existed in 2003.
5 While the PCAOB standards by their terms apply only to auditors, as a practical matter will have an obligation to ensure that the communications are made and discussed. Under SEC rules, the ’s annual report must state whether it has discussed the matters required to be communicated by the current auditing standard, Statement on Auditing Standards No. 61, as adopted by the PCAOB in Rule 3200T. See , Item 407(d)(3)(i)(B). Presumably, the SEC will modify the requirement to conform to AS 16, and the will therefore have to confirm it has had the communications required by the new standard. In addition, PCAOB Auditing Standard No. 5 requires the auditor to consider the effectiveness of the ’s oversight in evaluating a company’s . AS 16 cannot and does not prescribe how, or whether, the must respond to the auditor’s communications. Still, the importance of the to a company’s financial reporting and its control environment means that, in practice, will have to be responsive to the auditor’s communications and engage in an appropriate dialogue with the auditors.