The Public Company Accounting Oversight Board (PCAOB)1 has recently taken two actions that address the interaction between audit committees and their companies’ independent auditors: First, it issued guidance for audit committees about the PCAOB’s audit firm inspection process. Second, it adopted, subject to approval by the Securities and Exchange Commission (SEC), a new auditing standard on auditor communications with audit committees.
Even though the PCAOB’s legal authority extends only to auditors, not their clients, these actions may significantly affect how audit committees carry out their financial reporting oversight role.
Guidance to Audit Committees About the PCAOB Inspection Process
On August 1, the PCAOB issued guidance for public company audit committees to assist them in understanding and using the PCAOB’s reports on its inspections of registered public accounting firms. Under the Sarbanes-Oxley Act, the PCAOB is required to conduct a program of inspections of registered public accounting firms based on review of selected audit engagements. The largest accounting firms are inspected annually, others every three years. Sarbanes-Oxley requires the PCAOB to make public the results of its inspections, except for criticisms of a firm’s quality control systems, which are not made public unless the firm fails to remediate the quality control deficiencies within 12 months after the issuance of the PCAOB’s report.
The PCAOB’s release on Information for Audit Committees About the PCAOB Inspection Process2 discusses how the inspection program is implemented in practice and what the inspection reports cover. The release emphasizes that inspections cover certain aspects of selected audits and are not designed to review all of a firm’s audits or to identify every respect in which a reviewed audit may be deficient. The public portion of the report describes deficiencies in particular audits identified by the PCAOB during the inspection process. The non-public portion of an inspection report, according to the release, describes “deficiencies in the firm’s overall system of quality control such that the [PCAOB] has doubts that the system provides reasonable assurance that professional standards are met.”
Perhaps the PCAOB’s most important message in the release is that it views seriously the audit deficiencies that are identified in its inspection reports, and audit committee members should view “with skepticism” statements by their auditor that may appear to minimize the significance of the deficiencies. According to the PCAOB, if it decides to report a deficiency, that means it has found that, as to certain audit procedures, “the firm did not satisfy its fundamental responsibility to obtain reasonable assurance about whether the financial statements are free of material misstatement.” Statements to the effect that a deficiency was “just a documentation problem,” that there was “a difference in professional judgment,” or that “the firm has addressed the criticisms in accordance with PCAOB standards” may not be complete or accurate characterizations of the PCAOB’s findings or the auditor’s response. At the same time, the PCAOB cautions against generalizing from the PCAOB’s description of specific audit deficiencies: “A PCAOB inspection report—regardless of whether it identifies a deficiency—does not mean that the firm's unreviewed audit work was, or was not, deficient. Thus, results reported in a PCAOB inspection report should not necessarily be understood to mean that the unreviewed audit work of the firm was deficient.”
The PCAOB also provides suggestions to audit committees about discussions the committee may have with their auditors about the inspection process. These may include discussions (during the conduct of the inspection and afterward) about specific inspection findings, such as:
- Whether the company’s audit was selected by the PCAOB for an inspection, and, if so, what is being looked at, and any audit deficiencies identified by the PCAOB;
- Whether the PCAOB has identified deficiencies in other audits that involved auditing or accounting issues similar to those presented in the company’s audit and, if so, what has been done in response; and
- What were the audit firm’s responses to the PCAOB’s findings; in particular, did the firm agree with the PCAOB’s findings and, if not, why not, or if the firm did agree, what the firm did.
With respect to the PCAOB’s non-public quality control findings, the PCAOB acknowledges that many audit firms will be reluctant to share the details of the findings. But it suggests that the committee ask for generic information such as:
- What changes the firm is making to address any quality control deficiencies;
- What is the progress of the quality control remediation process;
- The inspected years about which the PCAOB has made a final determination about the firm’s remediation efforts and the nature of that determination; and
- Whether the PCAOB has provided initial indications that the audit firm may not have sufficiently remediated any items.
The PCAOB release is likely to be viewed as outlining best practices for audit committees in this area. Audit committees should review the release carefully and include these matters on their agendas for communications with auditors.
Auditors’ Communications with Audit Committees About its Audit
On August 15, the PCAOB adopted a new Auditing Standard No.16, Communications with Audit Committees (AS 16).3 AS 16 prescribes the communications that an auditor must make to the audit committee of its public company client. It replaces and expands upon Statement on Auditing Standards No. 61, the PCAOB’s prior auditing standard regarding audit committee communications.4 Subject to SEC approval, AS 16 will be effective for audits for periods beginning after December 15, 2012.
The new standard seeks to enhance the “relevance, timeliness and quality” of the information conveyed by the auditor to the audit committee, particularly with respect to the auditor’s assessment of significant risks of financial statement misstatement and other matters that could affect the integrity of the financial statements, and to promote constructive dialogue, as opposed to “check the box” communications, between the auditors and the committee. While the PCAOB emphasizes that it has no authority over audit committees as such, it expresses the view that the new standard should assist audit committees in fulfilling their oversight responsibilities.5
The matters auditors must discuss with the audit committee fall into several general areas, including appointment and retention of the auditor; obtaining information and communicating the audit strategy; results of the audit; form and documentation of communications; and timing. Among other things, the new standard:
- Requires the auditor to obtain a written engagement letter, approved by the audit committee and executed on behalf of the company, that sets forth the terms of the audit engagement. The standard specifies various matters to be included in the letter, including the objective of the audit, the auditor’s responsibilities and management’s responsibilities;
- Requires the auditor to ask the audit committee whether it is “aware of matters relevant to the audit, including, but not limited to, violations or possible violations of laws or regulations;”
- Requires the auditor to provide specific information to the audit committee about the need for specialized skill or knowledge in the audit, and about the auditor’s plans to use internal auditors, company personnel or third parties, or to rely on other accounting firms or other persons not employed by the auditor in performing aspects of the audit;
- Prescribes communications regarding the results of the audit, including:
- Description and qualitative evaluation of aspects of significant accounting policies and practices, including situations where the auditors identified possible “management bias;”
- Description and assessment of critical accounting policies and practices;
- Description of and conclusions about critical accounting estimates;
- Discussion of “significant unusual transactions,” i.e., transactions that are outside the normal course of business for the company or otherwise appear to be unusual due to their timing, size or nature; and
- Evaluation of the conformity of the company’s financial statement presentation with the applicable financial reporting framework;
- Specifies particular disclosures that the auditor must make regarding the auditor’s evaluation of the company’s ability to continue as a going concern; and
- Requires the auditor to disclose “difficult or contentious” matters for which the auditor consulted outside the engagement team (e.g., with the “national office”); situations where the auditor is aware that management consulted with other accountants and the auditor has identified a concern about such matters; disagreements with management, whether or not satisfactorily resolved; and difficulties encountered in performing the audit.
While the communications may be written or oral, the auditor is required to maintain documentation sufficient to establish that the communications were made. All communications must be made prior to issuance of the audit report.
AS 16 is the first PCAOB standard adopted since the enactment in April 2012 of the Jumpstart Our Business Startups (JOBS) Act. The JOBS Act provides that new auditing standards may be applied to audits of emerging growth companies only if the SEC specifically determines that the application of the standard “is necessary or appropriate in the public interest, after considering the protection of investors, and whether the action will promote efficiency, competition, and capital formation.” The PCAOB’s standard by its terms will apply to emerging growth companies, and the PCAOB will ask the SEC to approve its application to emerging growth companies.
As a general proposition, AS 16 codifies communications practices already followed by many auditors and audit committees. The PCAOB emphasizes that the standard does not create new substantive audit procedures; it just requires communications of the results of the procedures. Thus, while it may bring some degree of additional rigor into the interaction between auditors and the audit committees, AS 16 should not result in major changes in practice for most well-advised audit committees.
1 The PCAOB was established by the Sarbanes-Oxley Act to regulate accounting firms that audit US public-company issuers. Since passage of the Dodd-Frank Act in 2010, the PCAOB’s jurisdiction also extends to auditors of broker-dealers.
2 PCAOB Release No. 2012-003 (August 1, 2012).
3 PCAOB Release No. 2012-004 (August 15, 2012).
4 Statement of Auditing Standards No. 61 (SAS 61) was originally promulgated by the American Institute of Certified Public Accountants. The Sarbanes-Oxley Act gave the PCAOB the power to prescribe auditing standards, and in 2003 the PCAOB adopted SAS 61, along with other AICPA standards, on an interim basis. See PCAOB Rule 3200T. In 2006, the AICPA adopted Statement of Auditing Standards No. 114, which superseded SAS 61. However, that standard does not apply to audits of US public company issuers, which remain subject to SAS 61 as it existed in 2003.
5 While the PCAOB standards by their terms apply only to auditors, as a practical matter audit committees will have an obligation to ensure that the communications are made and discussed. Under SEC rules, the audit committee’s annual report must state whether it has discussed the matters required to be communicated by the current auditing standard, Statement on Auditing Standards No. 61, as adopted by the PCAOB in Rule 3200T. See Regulation S-K, Item 407(d)(3)(i)(B). Presumably, the SEC will modify the requirement to conform to AS 16, and the committee will therefore have to confirm it has had the communications required by the new standard. In addition, PCAOB Auditing Standard No. 5 requires the auditor to consider the effectiveness of the audit committee’s oversight in evaluating a company’s internal control over financial reporting. AS 16 cannot and does not prescribe how, or whether, the audit committee must respond to the auditor’s communications. Still, the importance of the audit committee to a company’s financial reporting and its control environment means that, in practice, audit committees will have to be responsive to the auditor’s communications and engage in an appropriate dialogue with the auditors.