A PDF version of the full publication is attached here: PCAOB solicits additional feedback on its noncompliance proposal (PDF 162kb)

On March 6, 2024, the PCAOB held a virtual public roundtable on the June 2023 proposed amendments to its auditing standards related to a company’s noncompliance with laws and regulations (hereafter referred to as “noncompliance”) that would affect all public company audits, including audits of brokers and dealers. Concurrent with announcement of the roundtable, the PCAOB re-opened the comment period on the proposal through March 18, 2024. PCAOB Chief Auditor Barbara Vanich noted additional feedback from the roundtable and comment letters will be helpful to the staff in making any recommendations to the board about the proposal.

The proposal, if adopted, would impact the scope of the audit by significantly expanding the auditor’s objectives related to compliance beyond what has traditionally been addressed in a financial statement audit (as described in our In depth). The PCAOB initially received 140 responses to its proposal.

PwC’s comment letter encouraged the board to undertake more public consultation as part of an inclusive outreach program to assess how to proceed and to ensure the benefits and costs of its proposal are clearly considered. Other commenters expressed similar views.

During the roundtable, panelists representing the auditing profession, investors, preparers, the legal profession, academia, and former regulators and standard setters covered a number of topics of interest outlined in a staff briefing paper. Panelist Brian Croteau, PwC US Chief Auditor, shared perspectives consistent with our comment letter and reactions to questions posed in the staff briefing paper. The roundtable highlighted a very wide range of interpretations and understandings of the requirements of existing auditing standards and expectations of auditors (including some that may go well beyond that which was intended by the PCAOB’s proposed standard) — for example, with regard to the identification of relevant laws and regulations and the detection of actual or potential noncompliance.

With respect to noncompliance, the auditor’s focus is on considering how risks of noncompliance may affect risks of material misstatement and, when noncompliance has been identified, whether its effects are adequately recognized and disclosed in the financial statements. This focus is in line with the shared goal of promoting useful and reliable financial reporting.

The auditor’s objective in a financial statement audit is to obtain reasonable assurance about, and opine on, whether the financial statements are free of material misstatement, whether due to error or fraud. Misstatements can arise when the effects of noncompliance, including fraud, are not properly recorded or disclosed in the financial statements.

The proposal would require the auditor to identify laws and regulations with which noncompliance “could reasonably have a material effect on the financial statements.” [Emphasis added.] This threshold would be used by auditors for the purpose of identifying and assessing risks of material misstatement and would include laws and regulations that “may relate to the operations of a company with which the company’s noncompliance could reasonably result in material penalties, fines, or damages to the company.” We view the proposal as lacking necessary clarity in terms of the scope of laws and regulations on which auditors should be focused. Several panelists, including those representing investors and preparers, made the point that the auditor could look to management’s process for identifying laws and regulations that are central to a company’s operations and suggested linking the threshold to existing SEC requirements to focus on those for which noncompliance “is reasonably likely to have a material effect on the current period’s financial statements.” [Emphasis added.] There may also be opportunities to leverage aspects of COSO into the PCAOB standard, particularly related to management’s responsibilities for sufficient controls for evaluating contingencies in accordance with ASC 450, Contingencies. Finally, several panelists supported greater auditor attention on companies’ corporate ethical policies, training, and monitoring as well as whistleblower programs and inquiries of internal legal counsel and others as sources of information about noncompliance with laws and regulations that are central to a company’s operations.

Current PCAOB standards differentiate between illegal acts that directly affect the financial statements and illegal acts that may have an indirect effect. The auditing standards have historically used the distinction to appropriately scope the auditor’s responsibilities – such that the auditor performs different audit procedures, depending on the category. The standards include limited requirements related to the auditor’s identification of illegal acts arising from laws and regulations that have an indirect effect on the financial statements. However, as noted in the proposal, noncompliance with certain types of laws and regulations, while having an indirect effect, could ultimately have a material impact if noncompliance occurs.

The proposal noted board outreach indicated that the distinction in dividing illegal acts into those with direct effects and those with indirect effects on the financial statements has been a source of confusion to investors; thus the board proposed to remove the distinction.

Whether or not these terms are retained (beyond what is necessary to continue to address the auditor’s responsibilities in accordance with Section 10A of the Securities Act of 1934 (Section 10A)), we believe a modernization of the standard to more clearly articulate what is expected from auditors is warranted to respond to stakeholder confusion, avoid creating a significant expectations gap, enable effective implementation of a final standard, and acknowledge other rulemaking developments since the PCAOB adopted its interim standard (such as Sarbanes-Oxley and Section 10A).

During the roundtable, PCAOB staff sought clarity on how auditors are currently complying with Section 10A, and the interaction between the auditor and those hired or employed by the company to investigate potential noncompliance. Audit firm representatives noted that the distinction as to whether an instance of noncompliance related to laws or regulations with direct or indirect financial statement impact does not affect auditor actions to perform responsive procedures to consider and address potential implications to the audit. Regardless of the nature of the underlying law or regulation (and consequently, whether the impact is direct or indirect), auditors obtain sufficient information to evaluate the potential effect of noncompliance on the financial statements (including contingent monetary effects, such as fines, penalties, and damages). This often involves consultation with the company’s legal counsel as well as specialists employed or engaged by the auditor.

Some commenters and panelists expressed concerns regarding the potential impact on, and potential waiver of, attorney-client privilege and the work product doctrine, with a view that the implications were not thoroughly considered in the proposal. Discussion focused on the American Bar Association Statement of Policy regarding how lawyers should consider responding to auditors’ requests for information, which provides a current framework for the PCAOB’s existing standard.

The proposal set out a view that “earlier and enhanced identification, evaluation, and communication of information indicating noncompliance has or may have occurred should lead to more timely intervention by companies to cease and remedy noncompliance, lessen the impact of noncompliance, and thereby reduce the investor harm caused by legal and regulatory penalties as well as reputational loss.” We believe it is not practical to expect that auditors will prevent companies from intentionally or unintentionally committing illegal acts or incurring potential reputational harm or significant penalties as a result of noncompliance with laws and regulations. It is therefore important that the objective of the proposal is reasonable and clearly articulated, and merits of the proposed changes sufficiently evaluated, with adequate consideration of the balance between anticipated benefits (namely increased investor protection in the context of reliable financial reporting, including through promoting informative, accurate, and independent audit reports) and anticipated costs.

The vastly differing views from panelists in the PCAOB’s panel on the cost-benefit implications of the proposal suggest further work is necessary to establish the appropriate objectives and scope of auditor responsibilities. We are concerned there is not consistent stakeholder understanding of what the PCAOB is trying to achieve. For example, much of the input from panelists outside the auditing profession focused on a broad set of benefits beyond even those that could result from the expanded requirements for noncompliance reflected in the proposal, such as benefits associated with the deterrence, prevention, or early detection of fraud. Our comment letter expressed concern that the implications of including fraud in the definition of noncompliance, and the impact of expanding the definition of fraud, have not been adequately considered or explained in the proposing release, including the economic analysis.

Our comment letter recommended that the PCAOB develop a framework that appropriately focuses auditors on noncompliance that ultimately would have a material effect on the financial statements. With that focus in mind, we continue to support measured actions to increase the likelihood that auditors become aware of potential noncompliance with those laws and regulations that are fundamental to the operating aspects of the company’s business, its ability to continue its business, or to avoid material penalties, and appropriately respond. Our comment letter suggested the following actions for the PCAOB to consider:

Reflecting on the roundtable discussions, we believe the recommendations in our comment letter remain relevant and would help to alleviate stakeholder concerns that the scope of the proposal and what is expected of auditors remains unclear.

The roundtable and related opportunity for further public comment are a helpful start to the PCAOB in further developing the proposed standard, but more outreach, analysis, and development of the proposal is necessary.

In our view, the PCAOB could leverage its inspection program data and insights and consider using its inspections target teams to gain a greater understanding of how auditors are currently addressing noncompliance in their audits, including where their efforts go beyond the requirements in today’s standards. Further engagement with the PCAOB’s advisory groups — the Standards and Emerging Issues Advisory Group and Investor Advisory Group — as the board and staff progress would be helpful to enable the board to produce a clearer, cost-effective standard that can be consistently implemented in a manner that serves the board’s investor protection mandate and supports audit quality. We look forward to continuing to engage with the PCAOB and its stakeholders on this important conversation.