As noted by the PCAOB in its Release 2017-001: “there are situations in which an auditor may be required by law or regulation, or voluntarily agrees, to perform an audit engagement in accordance with PCAOB standards for a company whose audit is not subject to PCAOB oversight.” In such instances, audits are commonly conducted under dual auditing standards, generally including U.S. GAAS, promulgated by the AICPA’s Auditing Standards Board (ASB), and the auditing standards of the PCAOB.
In January 2016, the ASB issued Statement on Auditing Standards (SAS) 131 (AU-C sections 700.44, .A43–47 and .A63), effective for audits of financial statements for periods ending on or after June 15, 2016. Prior to this, reporting on an audit conducted in accordance with both sets of standards presented auditors with the dilemma of determining which body’s reporting standard should control the content of the report—since it has always been impossible to comply with two different reporting models in a single report.
Before SAS 131, GAAS (AU-C 700.42–43 and its predecessors) afforded limited guidance as to reporting on audits conducted in accordance with dual standards citing, for example, international standards, PCAOB standards, and Government Auditing Standards[the “Yellow Book,” issued by the U.S. Government Accountability Office (GAO)]. GAAS merely stated that both sets of standards (and their origin) should be identified in the report; it was otherwise silent as to the form of the report to be used. Because the PCAOB had no jurisdiction over these audits, intuitively, one would expect the reports to be based on the ASB reporting model; consequently, as remains the practice with international or Yellow Book standards, auditors generally prepared them in GAAS format with a reference to PCAOB standards added. That changed with the issuance of SAS 131, but only with regard to the PCAOB.
Unless an audit is within the jurisdiction of the PCAOB (i.e., for an SEC issuer, as defined by the SEC and PCAOB, or a securities broker-dealer), one is required by the Code of Professional Standards (ET section 1.310.001.01 and Appendix A thereto) to conduct an audit of a U.S. entity’s financial statements in accordance with GAAS as promulgated by the ASB. One may also conduct an audit in accordance with PCAOB standards if required, for example, by a lender, a regulator, or merely the terms of the engagement; however, one cannot conduct an audit not subject to PCAOB oversight solely in accordance with PCAOB standards as an alternative to GAAS. The essence of SAS 131 is that even when reporting on an audit conducted for an entity not subject to PCAOB oversight, the report must nevertheless be in accordance with PCAOB standards, modified by adding a reference to GAAS.
Despite the apparent simplicity of SAS 131, the ASB issued Auditing Interpretation 4, “Reporting on Audits Conducted in Accordance With Auditing Standards Generally Accepted in the United States of America and the Standards of the PCAOB,” in March 2018. In light of the revised PCAOB reporting standard and guidance adopted in June 2017 [Auditing Standard (AS) 3101 and Staff Guidance section 300.04, respectively], Interpretation 4 contains a short series of questions and answers and several illustrative audit reports to provide additional guidance intended to facilitate auditor compliance with AU-C section 700.44.
As set forth in Interpretation 4 (AUC 9700.17), if the firm reporting on an audit conducted under dual standards is not a PCAOB-registered firm, the report should be titled the same way as a GAAS-only report; if the firm is registered, the report may (but is not required to) be titled as would be required for a PCAOB-only report.
Also according to Interpretation 4 (AU-C 9700.19), it would be appropriate in a dual standard report for an auditor to revise the independence-related statement ordinarily prescribed by AS 3101 to reflect the circumstances of the engagement to read, for example, “We are required to be independent with respect to the Company in accordance with the relevant ethical requirements relating to our audit.” According to GAAS (AU-C 200.A15), the relevant ethical requirements consist of the AICPA Code of Professional Conduct and any and all applicable, more restrictive regulatory rules of state boards of accountancy and any other agencies. So as not to give a misleading implication of compliance with the SEC and PCAOB’s independence rules and the PCAOB’s other professional practice standards, unless the auditor is nevertheless required or elects to comply with those other rules and standards as well, the audit report should refer only to the auditing standards of the PCAOB (AUC 9700.20).
Reporting Critical Audit Matters
Unfortunately, ASB Interpretation 4 fails to make sufficiently clear that the not-yet-effective requirements of AS 3101 for reporting critical audit matters (CAM) will apply in the future to reports on audits of financial statements of privately held entities outside the jurisdiction of the PCAOB conducted pursuant to the dual standards of the PCAOB and the ASB.
CAMs [which are the same as key audit matters (KAMs), the term used in the International Standards on Auditing and currently proposed for adoption by the ASB for use on an optional basis] consist of “any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that relates to accounts or disclosures that are material to the financial statements and involved especially challenging, subjective, or complex auditor judgment.”
Except for the largest SEC issuers, for whom the CAM reporting requirement becomes effective a year earlier, CAM reporting will be required for all issuers for fiscal years ending on or after December 15, 2020. At that time, CAM reporting must also be included (i.e., will not be optional) in reports on financial statements of nonissuers conducted under both GAAS and PCAOB standards. This requirement, once fully effective, will present a risk of inadvertent noncompliance by auditors who do not generally practice in the SEC arena.
Compliance with Dual Performance Standards
To conduct an audit in accordance with these dual standards, one must be sufficiently familiar with both sets of standards and how they differ (which is, in some cases, substantively). Audit documentation must include evidence of that familiarity and compliance.
Since the formation of the PCAOB in 2002, auditors have had little difficulty planning and conducting audits that comply with both GAAS and the PCAOB’s standards, and many who have a need to do so routinely use practice aids designed to enable compliance with the more robust provisions of both sets of standards.
It is beyond the scope of this article to detail all the differences between GAAS and the PCAOB standards, many of which are subtle, but the number and extent of such differences has diminished over the years as both sets of standards have evolved. A partial comparison limited to the PCAOB’s risk assessment group of standards issued in 2010 is presented as Appendix 11 of its Release 2010-004 (http://bit.ly/2HdErdK). This comparison of the IAASB and ASB’s standards may be useful, but caution is necessary since it has been superseded in several respects.
Most Significant Differences
In the view of this author, the most significant difference at this time is the way that the ASB and PCAOB’s standards (AU-C 600 and PCAOB AS 1205) treat work performed by other auditors. Of these two standards, the ASB’s version is considerably broader, covering what is termed audits of “group financial statements” (also known as group audits) and is more robust in its applicability and application. In 2016 and 2017, the PCAOB issued Releases 2016-002 and 2017-005, respectively, proposing to strengthen its standards relative to the use of other auditors, but not to the extent of AU-C 600. As of this writing, this is an incomplete and ongoing project.
Another significant difference is the PCAOB’s mandate (AS 1220) and detailed performance and documentation requirements for an engagement quality review of significant portions of the engagement by a qualified second partner (or equivalent) not otherwise associated with the engagement. The comparable ASB provision is entirely discretionary, based on risk considerations.