I have a list of projects that the ASB [Accounting Standards Board] is working on, in two parts. I want to give you a little more background on some of the projects going on.
The ASB Agenda
First, the board has voted out an ERISA [Employee Retirement Income Security Act] audit standard. It’s a new reporting standard, so it’s a new section in AU-C 700. It’s mainly to address a couple of things. One, it adopts a new form of report for what we used to call limited scope audits; we’re changing the name. If you know that standard, it’s pretty much a disclaimer; now it says “affirmative opinion,” taking into account the certification.
We’ve also added some guidance and requirements around what auditors should be doing with those certifications. It includes the new audit opinion and an expanded description of auditors’ and management’s responsibilities.
It changes the reporting model for EBP [employee benefit plan] audits. It also changes the performance standards to drive better quality. You can’t always address audit quality through standards, but we saw an opportunity to enhance transparency and quality through these changes. The effective date on this is still to be determined. My guess would be 2020, but the board is still deliberating. We’ve got a number of projects that are interrelated ones that I’m going to talk about next, related to auditor reporting and other information.
Another standard we just voted out, an omnibus standard, has to do with what the PCAOB has been issuing and our alignment strategy with that. We went through some of the PCAOB standards on related parties, supplemental information, and audit communications, and picked up some changes that we thought were meaningful enhancements to improve quality in the Auditing Standards Board in our AICPA suite of standards. We’ve just voted that out, and our effective date is probably going to be aligned with our auditor reporting model.
Auditor Reporting Model
The IAASB changed its auditor reporting model a few years back; similarly, the PCAOB reporting model has also changed, adding the notion of critical audit matters [CAM].
The ASB is deliberating. We’ve had an exposure draft, we had a couple meetings to talk about it, and we’re hopefully getting ready to vote in January. In past updates, we haven’t really changed from the model that we’ve adopted. What I think we’re heading for is an opinion-first model. We are looking at the details of the opinion, and the descriptions that the IAASB had, from a convergence perspective. Do we align closer to the IAASB or the PCAOB? We’re probably going to pick somewhere in the middle. We’re trying not to make it a four-page opinion, but also bring in the transparency that the IAASB adopted.
Do we align closer to the IAASB or the PCAOB? We’re probably going to pick somewhere in the middle.
We have a standard on those key or critical audit matters; we’ve aligned with the IAASB. Those are not required, but we felt that, given the potential for someone to say, “I’d like to see key audit matters in my audit report,” we’ll adopt a standard.
Along with that, we took a look at the other information standards. I think part of the challenge for private companies is, what other information do you start with? Well, it’s what’s in the annual report. But for a private company, what is the annual report? For some companies—maybe a not-for-profit—it’s pretty clear; for other companies, it’s not that clear. We’ve spent hours debating who is responsible for what, because in other information, responsibilities are all fun and games until you have to report on them. What other information are we talking about? There’s been a lot of discussion on this. I think that the board is going to take another shot at it. We exposed it, we got a lot of comments, and a 50-50 split on whether we should go forward. We’d like to move forward to continue converging with the IAASB, so we’re going to talk about this more at the next meeting and see if we can’t find a way forward.
Another side project I’ll mention briefly: AU-C 800 on special-purpose frameworks. You might think this is about the old OCBOA [other comprehensive basis of accounting] type of reports, but it’s not. The board is looking at this to converge with the changes made by the IAASB. One of the things that the board didn’t adopt the first time with this project was the notion of a compliance framework. What AU-C 800 says today that everything is a fair presentation framework. We don’t have compliance frameworks, but the IAASB has compliance frameworks. The insurance industry would love for us to have compliance frameworks. If you know insurance reporting, right now it’s a dual report on GAAP and a clean opinion on these insurance frameworks, so there’s a lot of excitement if we were to move down this path. Other entities also might appreciate having a compliance framework.
I think one of the challenges for the board is whether we’re going to open up a Pandora’s box. Somebody—think state and local governments—could decide to exclude whatever framework or standards they don’t like from their reporting standards, and now it’s a compliance framework.
We issued an exposure draft on attestation standards. Initially, the attestation standards were clarified effective 2016. We issued an exposure draft to open these up a bit and rethink what an attest engagement really is. Do we always need an assertion? Can we directly measure the subject matter against criteria without the preparer having done it?
The comment letters that came back were pretty emotional on some of these concepts, and so we’re sorting that out. We’re going to slow this project down and dig in. Some people have raised the question of, “Are you independent if you’re doing that?” We’ve worked with our professional ethics committee at the AICPA, and we’re going to continue to move forward.
The other change would be changing agreed-upon procedures [AUP] to allow for an unrestricted report that doesn’t get the acknowledgement of the specified parties. There’s a lot of tension sometimes when practitioners would like to get to agreed-upon procedures, but because of the acknowledgments that are required, they can’t get there. We’re trying to look at whether there is a path to both preserve traditional AUP and also have an opportunity to do what some might call a “specified procedures report.” We’re looking to vote sometime in late 2019, if emotions settle down.
With our audit evidence project, we’ve got the changing landscape of what the auditor is considering as it relates to evidence in an engagement. We’ve got all kinds of information available, different things that people think about from a risk assessment perspective, such as the changing nature of support for transactions. When we were going through our data analytics guide, it became clear that we ought to think about audit evidence. We talked with IAASB because we knew that was on their longer-term agenda. Do we need to think about audit evidence as more of a judgment call as opposed to a stack of procedures? That’s the question that the task force has been debating.
The definition says evidence is what you do based on procedures; can we rethink this into a framework for judgment as it relates to evidence? The task force has gone through definitions and asked, “Do they still make sense?” Sufficient versus appropriate has been a big debate at the task force. Do we retain the terms or do we redefine the terms?
External information sources is a big item that the IAASB dealt with in ISA 540, driven by the expected credit loss standard and the fact that banks are going to be using external information to develop their credit losses. How much work do we need to do when management is using that in developing its estimate? What do we need to do from an audit evidence perspective with these external information sources? Where did they come from? What is their nature? Those are some of the items that the task force is looking at.
The nature of substantive audit procedures is another item they’re looking at. The current structure doesn’t really promote use of technology-enabled procedures, so the task force is looking at these data analytics. Is it a risk assessment? Is it substantive? What’s the difference? We’re not walking around with pieces of paper, ticking and tying them; that’s been gone for a long time. We felt that it was overdue to look at procedures, focusing more on the quality of the evidence rather than the nature of the procedure. We’re looking to get an exposure draft out in January.
We’ve got task forces on a lot of the projects the IAASB is working on, because of our convergence strategy. We’re hoping to get an estimates exposure draft out mid-to-late-year, and also on risk assessment. The other projects on the IAASB’s list are all on our agenda as well.