***
Auditing Agenda
Sarah Lord began the discussion with an overview of the Auditing Standards Board’s (ASB) current agenda. She reported that the ASB’s project on group audits has neared conclusion with “an updated standard that’s largely converged with the IAASB standard, with one difference being retaining the ability to make reference to other auditors. … Our task force has gone back and looked at the final PCAOB standard to say we’re fully harmonized, because this is a U.S.-specific jurisdictional difference.”
Lord addressed the area of attestation standards for non-financial information, where the IAASB has proposed a new standard focused solely on sustainability. “We’re evaluating in the U.S.—do we need a separate standard? Historically, we’re doing these types of engagements with our current attestation standards, utilizing additional guidance that we’ve issued. Do we need a separate set of standards, or can we continue to use the standards that we have?”
“We have a full working group focused on ensuring that as we evolve our standard setting, we’re thinking about not only how technology is evolving, but how it’s being used in our audits,” Lord noted with respect to the impact of technology on attestation.
“One of the changes from an ASB perspective in the last few years,” Lord noted, “is really engaging with the IAASB from day one of their standards-setting process, making sure our full board is engaged, providing feedback, walking through that process so that we are helping evolve all of the standards that we will converge with once they’re issued.”
The ASB is also looking at what the IAASB is doing in the area of fraud and going concern. The board has been surveying users on proposed changes to understand which information is decision-useful, and it is doing a comprehensive review of the academic research in the area to try to learn from the past.
The SEC’s Role
The next speaker was Diana Stoltzfus, who began by highlighting the initial work of the new board at the PCAOB, whose standards are overseen by the SEC. “I want to commend the PCAOB for not only developing a proactive and thoughtful strategic plan, but also for putting it out for public comment,” she said. “We’ve seen in the response letters from commenters that there is general support for the direction of the PCAOB’s new plan.”
“The PCAOB has also created a new investor advocate who is a dedicated point of contact for investors and investor advocacy groups, in order to elevate and amplify the matters that are most important to this key stakeholder group.”
“Earlier this year,” Stoltzfus added, “the board announced one of the most ambitious standard-setting agendas in the PCAOB’s history, which they’ve continually updated, showing that they’re being reactive in moving through the agenda.” She paid particularly notice to the proposed quality control standards.
“Auditor independence, in both fact and appearance, is foundational to the credibility of the financial statements,” Stoltzfus said. “As we’ve consistently noted, it’s a shared responsibility among audit committees, management, and auditors.”
“The general standard is the heart of the Commission’s auditor independence rules and establishes the reasonable investor threshold,” she continued, “and this standard is grounded in assessing the auditor’s objectivity and impartiality. The remainder of the commission’s auditor independence rules, beginning with paragraph c, is a non-exclusive list of circumstances that are plainly inconsistent with the general standard.”
“But compliance with the prohibitions enumerated, and Rule 2-01(c), while necessary, is not sufficient. After making sure that you’re in compliance with those, you also have to step back and think about it from the general standard perspective. That’s really thinking about, ‘Would a reasonable investor conclude that the auditor is independent in both fact and appearance?’”
“Given the construct of the rule over the past decade, the Commission has brought a number of Enforcement Actions against auditors, alleging violations of the general standards, such as close personal relationships with people in financial reporting roles. … This highlights the importance of the Commission’s general standards as a means to address a myriad of ways in which audit firms can impair their independence from their audit clients.”
Turning to current events, Stoltzfus observed that “operating in an environment of economic change continually introduces new risks that should be thought of from a financial reporting perspective. These factors are affecting, and may continue to affect, issuers in terms of liquidity, asset values, exposure to loss, and, in some cases, business continuity. An auditor should evaluate whether any of these matters require especially challenging, subjective, or complex auditor judgment. If so, that that could potentially be a critical audit matter that should be communicated in the auditor’s report.”
“The PCAOB audit standards also require auditors to exercise due professional care, which requires the auditor to exercise the appropriate levels of professional skepticism throughout the audit. Such professional skepticism is required to effectively consider the impact of all these changing economic conditions on the financial statements and to make sure that you’re conducting an appropriate risk assessment.” Stoltzfus also noted that periods of significant change can lead to heightened fraud risk.
The PCAOB Perspective
Barbara Vanich began by discussing the PCAOB’s quality control (QC) proposal. “We believe that building on a common basic structure with other audit standard setters, with the appropriate differences, would enable the PCAOB to accomplish our regulatory objectives more effectively, as well as more efficiently … than if we developed an entirely different structure of our own.” She believes firms can leverage the investments made to comply with IAASB or AICPA requirements and avoid additional costs associated with designing, implementing, and operating fundamentally different and potentially conflicting QC approaches.
Vanich noted that “our proposal does not completely align with other standards.”
“As we developed the proposed standard, we recognize that we had to consider the differing roles that firms who are registered with us play in in our space,” she noted. “The proposed standard would require all registered firms to design a QC system. Firms would be required to implement and operate an effective QC System at all times when the firm is required to comply with applicable professional and legal requirements with respect to any of the firm’s engagements.”
“The proposed standard includes additional requirements related to the assignment of roles and responsibilities that are aligned with our supervision standard,” she added. “The proposal provides more direction on engagement deficiencies and quality control deficiencies, which we thought was important for purposes of evaluating QC deficiencies and determining whether a major QC deficiency exists as part of the firm’s annual evaluation.”
Vanich turned to the “Supervision of Other Auditors Project, which resulted in several amendments and a new standard that were recently approved and adopted. “One of the things that would be good for engagement teams to think about as they approach their 2023 audits relates to the lead auditor’s participation in the audit, and whether that will be sufficient under the new standards,” she said. “These requirements have the potential to create a need to rethink how work is allocated to the other auditor versus what procedures are performed by the lead auditor, and the extent of supervision applied to the work of other auditors by the lead auditor.”
On materiality, Vanich admitted: “I had some concern that materiality was going to potentially be an issue that came up during the pandemic, with revenues falling coupled with a fairly volatile economic situation. I had speculated that there might be engagement teams that used an inappropriate quantitative materiality. … However, I don’t believe our inspectors identified a significant number of comments on materiality. Our inspectors found that audit firms emphasize the importance of consultation on materiality, and in some cases establish supplemental consultation requirements.”
Turning to fraud, Vanich said, “it probably won’t surprise you to know that that there was discussion about the recent report that highlights external auditors only find 4% of frauds. … in a perfect world, fraud wouldn’t occur. But it is positive to note that in some cases, in many cases, it’s being detected prior to the external auditor being involved.”
She added that “a comment by another member of our advisory group was actually more concerning, and that comment was about auditors ‘just going through the motions.’ Asking the same people the same questions and assuming the answers won’t be problematic is a problem, and not one that’s likely to be detected through inspections. Investors deserve better than people going through the motions.”
Question-and-Answer Session
Doug Carmichael then guided the panel through a question-and-answer session, beginning with the topic of fraud. “There’s still a really big expectation gap,” Sarah Lord noted. “There’s still a lack of understanding as to what auditors actually do in practice today.”
“We have a full working group focused on ensuring that as we evolve our standard setting, we’re thinking about not only how technology is evolving, but how it’s being used in our audits.”
—Sarah Lord
“Fraud is a part of every single auditor’s job,” Lord continued. “Every single auditor on the engagement team has opportunities to understand what’s going on. When you talk about tone at the top, it’s talking to everyone in the organization, it’s being aware, and having those conversations.”
“It goes back to that fulsome evaluation; about not looking at each aspect of the control environment in isolation, but looking at it all together,” Stoltzfus added. “I think it’s doing that full risk assessment, and that iterative process, and taking all of the information into totality and thinking about whether there is contradictory evidence out there that doesn’t make sense with other points.”
“It’s also understanding all aspects, kind of the beginning to the end,” Vanich said. “What happens with the tips [from a fraud hotline]? What kind of follow-up is done? And when are those matters escalated to the audit committee?”
The discussion turned to fraud risk in an uncertain environment. “What are some of the issues that could be impacting a registrant,” Stoltzfus asked, “thinking about supply chain issues, inflation, the economic conditions that that many companies are facing. Does that create new incentives or pressures on the management team?”
“I think that goes back to the continual risk assessment and thinking about how the environment changed throughout the audit, and thinking about not only what is the risk of error, but also fraud.” She suggested asking: “What are the current economic conditions? What are the current … priorities and strategy of the company? And how do those create new opportunities and pressures?”
Lord added: “We’re looking at teaching our people some of the basics of economics in the different industries they work in. We have auditors who’ve never lived in inflationary interest rate environments, that just isn’t something that’s existed in the world they’ve lived in. … What does this mean to your client? … Interest rates go up. What happens then, what other pieces of the financial statements are impacted?”
Vanich noted that some caution is required for companies experimenting with using data analysis for risk assessment procedures: “You’re subjecting an entire data set to different procedures to look at anomalies. … Be cautious of not explaining away anomalies or letting management explain away anomalies, because those anomalies could just be a misunderstanding of the process, but they could be indicative of fraud.”
“I think the business and financial relationships between auditors and their audit firms have become increasingly complex,” Stoltzfus answered a question on auditor independence. “There’s different technology alliances and other things. I think that’s an area where we’re just continuing to make sure that the auditor independence rules continue to be fit for purpose.”
“I’d also say to some extent we are addressing independence through our QC Proposal,” Vanich added, “and trying to support the improvement of compliance with SEC and PCAOB independence rules. It’s very hard to separate independence from ethics.”
Carmichael noted that SEC Chief Accountant Paul Munter’s recent statements on independence emphasized the general standard 2-01(b) and seeing things through the lens of the reasonable investor.
Stoltzfus remarked upon the increasingly complex web of financial and business relationships between auditors and clients. “When you stand back and look at the extent of those, it’s hard from a reasonable investor perspective to think that the auditor could still be objective and impartial. … It’s important to not only look at each service individually, but step back and look at the comprehensiveness and the extent of those relationships.”
In terms of enhancing training, Lord said, “I think that when we think about how you train people to take a different perspective, it’s about heightening professional skepticism and not looking at it from just what you know. … It’s training skepticism, and then it’s knowing when you want another person who is completely objective of that engagement to help out.”
The conversation turned to the idea of unconscious bias. “Enforcement actions provide interesting discussion pieces,” Lord said, “because sometimes you go, ‘I can’t imagine I would ever do that.’ And sometimes you think, well, actually this wasn’t so bad, and this didn’t feel bad in isolation. … You might not feel like you’re biased until you step back and go, ‘yeah, all of that together just didn’t feel right.’”
“SAB 99 is talking about circumstances where a quantitatively small error could nonetheless still be material because of qualitative factors,” Stoltzfus responded to a question on materiality. “I think a lot of these discussions we’re hearing the reverse being argued, where a quantitatively large number is not material because of qualitative factors. … I think it takes a careful, well-reasoned, holistic, objective evaluation of the information to determine whether something is material.” She also stated that auditors should not have a check-the-box mentality; rather, they should consider “thinking about the total mix of information” and make sure they take a “holistic approach.”
“Operating in an environment of economic change continually introduces new risks that should be thought of from a financial reporting perspective.”
—Diana Stoltzfus
“Remote auditing definitely continues to be a hot topic, hotter than I expected it to be,” Lord responded to a question about the impact of the pandemic on auditing. “The pandemic required remote working for masses of people, and I think what we found is that there’s a lot of work that can benefit from being done remotely. We can work together collaboratively.”
“From a quality perspective,” she continued, “We haven’t seen, through peer review, any systemic problems in audit quality because of remote considerations. Firms have really heightened professional skepticism. … When is it most important to have conversations in person?”
“I think, as firms, what we are still potentially struggling with the most, is just making sure we’re bringing our people together,” she added. “How do we keep people engaged? How do we keep them excited about what the profession is in those first few years?”
The panel concluded with a discussion about CPAs providing attestation of nonfinancial information outside the financial statements. Stoltzfus said that it is important for investors to what standards are being used and what level of assurance is being provided.
“The benefit of what we do is actually providing quality,” Lord added. “That’s something that I think as a profession we can continue, and should be proud of … We do the work that we do based on really high standards. Can we compete with someone who is not using high standards? It’s harder. But I think we have to trust the capital markets and investors and regulators to help people understand the value that’s ascribed to the work that we do.”