Earlier this month, the Public Company Accounting Oversight Board released additional resources regarding its new Critical Audit Matters (CAMs) disclosure requirement, with the latest resources targeted to audit committees and investors. Both resources provide some general background on CAMs (see our June 2, 2017 and October 30, 2017 posts) and include helpful responses to FAQs, many of which overlap. The resource for audit committees also includes some additional guidance specifically tailored to the audit committee’s role with respect to CAMs and includes a decision tree to illustrate the considerations auditors work through in determining which matters to disclose as CAMs.
Some key takeaways from the latest FAQs are highlighted below:
- Impact on Audit Opinion. CAMs do not alter the opinion that the auditor provides on the financial statements. CAMs are also not a way for auditors to provide a separate opinion on the CAM or on the accounts or disclosures related to the CAM.
- Reflection on the Company. CAMs do not necessarily reflect negatively on the company, nor do they necessarily mean that the auditor identified a misstatement or deficiencies in internal control over financial reporting.
- Number and Type of CAMs / Benchmarking Considerations. The number of CAMs to be communicated will vary based on the complexity of the audit. CAMs may vary from audit to audit, company to company, and industry to industry. Peer companies within the same industry may not have the same type and number of CAMs. In addition, “[t]here is no expectation that CAMs be the same each year.” The CAMs rule includes a note stating, “It is expected that, in most audits, the auditor would determine that at least one matter involved especially challenging, subjective, or complex auditor judgment.”
- Impact of Significant Events. A significant event, such as a cybersecurity breach, does not automatically give rise to a CAM, though if the event affects the financial statements and becomes the subject of communications between the auditor and the audit committee, it is possible that such an event could give rise to a CAM.
- Disclosure of “New” Information. CAMs generally are not expected to provide information about the company that has not been made publicly available by the company within or outside the financial statements (e.g., in press releases and other public statements), unless such information is necessary for the auditor to describe its principal considerations leading to the determination that a matter constitutes a CAM or how the matter was addressed in the audit.
- Impact on Audit Procedures. The new CAMs requirement does not mandate additional audit procedures, other than requirements to determine, communicate, and document CAMs.
- Relationship to Critical Accounting Estimates. CAMs are not the same as critical accounting estimates that management discloses in MD&A. Some critical accounting estimates or components of such estimates may be the subject of a CAM, but not all critical accounting estimates necessarily will give rise to CAMs. Moreover, CAMs are broader and include all matters communicated or required to be communicated to the audit committee.
- Responsibility for CAMs. Management and the audit committee do not approve CAMs. The PCAOB has made clear that “CAMs are the sole responsibility of the auditor.” The auditor is, however, required to share a draft of the auditor’s report containing the CAMs disclosure with the audit committee. The PCAOB acknowledges that “the auditor could discuss with management and the audit committee the treatment of any sensitive information” as the auditor determines how best to comply with its communication requirements.
- Relationship to International Standards. Compared to the International Auditing and Assurance Standards Board’s Key Audit Matters (KAMs) requirement, CAMs are generally similar, though there are key definitional differences. KAMs focuses on “matters that were of most significance during the audit,” while CAMs involves “matters involving especially challenging, subjective, or complex auditor judgment.” As a result, differences could result in how CAMs are identified or described in the auditor’s report, as compared to KAMs.
Since the PCAOB adopted, and the SEC approved, the CAMs requirement in 2017, both regulators have emphasized the importance of post-implementation review. The PCAOB has engaged in earnest over the past year to assist issuers and auditors prepare for the CAMs disclosure requirement, which is now effective for large accelerated filers for audits of periods ending on or after June 30, 2019. The PCAOB’s latest resources lay out a three-part plan for the PCAOB’s next steps:
- Stakeholder Feedback – the PCAOB will engage with auditors, investors, financial statement preparers, audit committee members and other stakeholders to learn about their experiences with CAMs.
- Compliance and Inspections – the PCAOB’s inspections team will promote compliance through inspections of audit firms, with the first opportunity to inspect taking place in the second half of 2019. The PCAOB has indicated that it expects to publish a summary of its preliminary observations from these initial inspections, which should offer helpful guidance before the standard takes effect for audits of all other companies to which it applies for fiscal years ending on or after December 15, 2020.
- Post-Implementation Review – the PCAOB plans to conduct a post-implementation review of the new requirement, including analyzing its effectiveness, after the implementation of the new standard is completed in December 2020.