The first panel of the conference, “Regulators and Standard Setters Updates and Panel Discussion,” featured presentations and discussion on current topics in auditing standards and regulation. The participants included Sara Lord, Chair, Auditing Standards Board; Anita Doutt, Senior Associate Chief Accountant, Office of the Chief Accountant, Securities and Exchange Commission (SEC); and Barbara Vanich, Chief Auditor, Office of the Chief Auditor, Public Company Accounting Oversight Board (PCAOB). The panel was moderated by Douglas Carmichael, professor at Baruch College, New York, N.Y. The comments and opinions expressed at the conference and reproduced here represent the speakers’ own views and not necessarily those of their employers or affiliated institutions.

The ASB’s Activities

Auditing Standards Board Chair Sara Lord began the first session with a brief update on the ASB’s current activities, recently issued guidance, and standards implementation.

“Currently, we’re working on quite a few different standard setting activities,” Lord said. “Sustainability assurance is one that’s very highly important, across all jurisdictions … we have a task force focused on what’s happening internationally with the new sustainability standard exposure draft. We have a task force working on our attestation standards, not only on sustainability, but on the core standards themselves.” She added that the ASB is hoping to be ready to provide assurance guidance once the SEC’s climate guidance is finalized. The ASB has also been working with the IAASB throughout the standard setting process. She said the ASB is looking at taking the ISA 5000 guidance once finalized and putting it into their current framework.

Lord noted that the ASB recently issued updated standards on quality management that are largely converged with international standards but focused on the overall quality management of a firm. “It’s risk based, it’s focused on saying, ‘Here’s certain quality objectives that you need to meet. What are the risks your firm has, knowing that every firm is unique in what types of clients they serve? … How do they create the environment internally to serve those clients?’”

“We’ve issued quite a bit of implementation guidance in this area,” Lord said. “We want this to be something that continues to enhance audit quality and is done in a way that firms can use the tools that have been made available.” She noted that the ASB continues to work closely with the AICPA Peer Review Board to “make sure that the standard as designed and written is what’s being evaluated upon implementation.”

Lord moved from current standards setting into implementation guidance. “One of the things that we continually hear from our practitioners is ‘the standards are great, sometimes I actually just want to know how to use them.’ Guidance can be a helpful way to bridge that gap between ‘here’s what you’re meant to do, and how do you actually do that in practice?’”

The ASB recently reissued its risk assessment guide with a focus on scalability. “We also have a task force focused on technology in the audit. … We’ve recently issued a practice aid focused on how to use technology in risk assessment, how it ties into the auditing standards, and we are looking at other areas, such as further audit procedures.”

She added that the AcSEC working group has issued guidance related to digital assets, including a digital asset guide that focuses on accounting and auditing, and is constantly updating its guidance with FAQs on specific issues in this ever-evolving space.

Lord discussed the three standards effective for December 15, 2023: “SAS 143 is on auditing estimates and fair value; this updates AU-C 540. It has a companion in SAS 144, which is pricing services. … We also issued significant updates in SAS 145 that are on risk assessment, amending AU-C 315. These are some core areas of the audit that really are foundational. You’ll see that the standards are converged largely with those of the IAASB, and in a lot of ways really do also align, particularly the auditing estimates standard, with those of the PCAOB.”

PCAOB Update

PCAOB Chief Auditor, OCA, Barbara Vanich gave a brief update on a recently adopted standard, recently proposed standards, and the board’s agenda. She began with the auditor’s use of confirmations, which was adopted in September. “Among other things, that new standard includes a requirement to confirm cash and cash equivalents with third parties … It also carries forward the existing requirement to confirm accounts receivable.”

“All auditors in our view should strive for a skillful auditing approach, and none should be content with the limited approach to auditing, especially when it comes to things like fraud detection, or independence.”

—Anita Doutt

She noted that although confirmation response rates aren’t what they used to be, auditors do have a greater ability to access information directly, “which is, in our view, why confirmations have long been held out as providing good audit evidence, because it’s information that comes from outside the company.”

Vanich then spoke about recently issued proposals. The new AS 1000 standard would “replace a suite of existing older standards that address general responsibilities … those include things like, what is reasonable assurance, due professional care, professional skepticism, independence, competence, and professional judgment. The proposed standard retains and clarifies those fundamental responsibilities, including what they mean, and provides a little more detail on how we expect those concepts to be applied. It also includes important proposed amendments that, in our view, more directly align the partner’s existing responsibility for supervision and review, and how that works in the application of applying due professional care.”

“The proposed amendments clarify the extent of the planning, supervisory review, and documentation activities to be performed by the engagement partner as part of exercising due care,” she said. “The proposed amendments also clarify the requirements for audit documentation.” Vanich also mentioned another amendment that relates to assembling a complete and final set of audit documentation.

“In June, the Board proposed a new standard on noncompliance with laws and regulations,” Vanich continued. “The NOCLAR [noncompliance with laws and regulations] standard would replace the standard related to illegal acts as well as amend other PCAOB standards. … The proposal would establish and strengthen requirements for the auditor’s identification of laws and regulations with which noncompliance could reasonably have a material effect on the financial statements; for assessing and responding to the risk of material misstatement arising from noncompliance with those laws and regulations; for identifying where there is information indicating noncompliance has, or may have, occurred; and, lastly, for evaluating and communicating when the auditor identifies or otherwise becomes aware of information indicating noncompliance, including fraud, has occurred.”

Vanich also discussed proposed amendments related to aspects of designing and performing audit procedures with respect to technology. “We don’t see this as the answer to technology in the audit,” she said, “but rather a kind of a first step in what we’re hoping to be a broader modernization of standards.”

“We’ve heard from the Board’s Investor Advisory Group that there is concern over reliance by auditors on company-produced information and technology tools,” she continued. “The amendments were designed to provide certain clarifications and to increase the likelihood that the auditor obtains sufficient appropriate audit evidence when technology tools are used.”

Vanich reported that the board updated its standard setting, research, and rulemaking agendas. She noted that they added a research project on critical audit matters, based on input from its Investor Advisory Group. “Those recommendations included considering whether the current standard and staff guidance are driving fewer critical audit matters than investors had hoped to see. They also gave us some suggestions to consider how to increase the usefulness of critical audit matters.” Vanich noted that the PCAOB recently started to issue quarterly updates that pull together inspection reports, enforcement actions, and all standard setting activities.

The SEC’s Skillful Approach

Promoting high-quality audits and their role in achieving high-quality financial reporting is the focus of SEC Senior Associate Chief Accountant, OCA, Anita Doutt.

Doutt began by introducing the concept of the skillful audit approach. “At a level of generalities, there’s really two ways in which accounting firms approach auditing. First, there’s the limited approach. This is where an audit firm maybe does a check-the-box audit planning and concluding procedures based on what it doesn’t need to review, focusing on what it can look away from, performing the bare minimum in compliance with the standards to support the conclusions in the audit report.”

“Second, there’s the skillful approach,” she continued. “This is where auditors focus not only on what they are minimally required to do in accordance with the standards, but also on what they should review and inspect, and thereby engage in a robust and iterative audit process that supports high-quality, reliable financial reporting. All auditors in our view should strive for a skillful auditing approach, and none should be content with the limited approach to auditing, especially when it comes to things like fraud detection, or independence.”

“At its core, in our view, auditing is about investor confidence and trust in the transparency and accuracy and reliability of the financial information. It’s our hope that the profession will continue to strive for this skillful, robust, and iterative approach to auditing.”

Doutt spoke to the example of independence: “Auditor independence in both fact and appearance is critical to the credibility of the financial statements, and we have consistently noted that it’s a shared responsibility between auditors, management, and audit committees. Circling back to this idea of a checklist or limits approach, a practical application would be when firms take the approach to auditor independence of thinking about how close to the line can they go without having a per se violation of the standards.” She then walked through several examples—including how to define “office” in the age of remote work, how to analyze complex and nuanced business relationships between firms and audit clients, and how to apply Rule 201 when determining whether providing non-audit services impair independence—all examples wherein taking a limit approach could compromise independence.

Panel Discussion: Skillful Auditing

Doug Carmichael then guided the panel through a question-and-answer session, beginning by asking Doutt for examples of “skillful auditing.”

“We can think about this from the perspective of an auditor’s evaluation of ICFR [internal control over financial reporting],” she answered. “A limits approach may lead an auditor to narrowly focus on the entity’s ICFR, versus if they’re taking a skillful approach, they would understand that many items may have an indirect but very important impact on ICFR.” Doutt explained that auditors might assess a regulator’s findings as being outside the scope of ICFR, but when considering their scope or root cause, they could indicate a lapse in ethical behavior, directly or indirectly related to ICFR, or could represent a tone at the top issue.

“Something we see with the limits approach,” she added, “is that too often, auditors and management rationalize away disconfirming evidence rather than applying objective judgment and professional skepticism.”

Doutt pointed out that “the auditor should really consider the completeness of the information from management. … There could be cases where there are other reports or documents relevant to management’s monitoring or ICFR functions that the auditor hasn’t obtained.

“It’s also important to remember that the absence of a material misstatement doesn’t preclude the existence of a material weakness, and that severity assessments should be focused on the ‘could’ factor instead of being limited to the magnitude of any actual misstatements.”

Doutt added that the statement of cash flows is often overlooked as an area that could benefit from a more skillful approach. “We’ve observed,” she said, “that maybe preparers and auditors don’t dedicate the same level of rigor to the statement of cash flows as they do to the other statements.”

Carmichael followed up by asking what a skillful auditor might do to avoid independence violations of Rule 2-01(b), such as those that have made the news of late.

“I think what we would want to avoid is this idea that 2-01(c) compliance is the end all be all,” Doutt replied. “2-01(c) is necessary, but it’s not sufficient, and I think compliance with 2-01(b) really requires a holistic assessment of whether a reasonable investor would view the auditor as objective and impartial in that situation.”

Going Concern and Materiality

Carmichael then asked Lord about transparency issues surrounding going concern. “It’s looking at ‘what do investors expect from the auditor’s report?’ … You go through and identify if there’s substantial doubt about an entity continuing as a going concern. We did do research with preparers and investors to ask, ‘Do you want more? What do you see in the current guidance that’s out there? And how is it relevant to what you need to evaluate the financial statements?’ And 60% believe that the current reporting is sufficient and is relevant.”

Lord continued: “Then we also asked, ‘Do you believe that the information you’re getting in the auditor’s report is timely for decision making?’ There was no consensus at all on that.” The ASB’s research also found that the vast majority of respondents believe that management is the party responsible for concluding whether or not the entity is able to continue as a going concern; far fewer said that it was solely the auditor’s responsibility.

Carmichael asked about the interplay between going concern issues and controls, especially for nonpublic entities. Lord answered: “The guidance that we try to provide to people on going concern is, ‘what is the current economic environment?’’ … What are the estimates that management is using and what are they based on? … How does that factor into management’s plans? What are the general controls over the business on all of the areas that that really feed into revenue, operations, the things that help keep that company operating effectively, so that you can rely on the estimates that are being prepared to demonstrate the ability to continue as a going concern?’”

Vanich added that although this isn’t an area of focus for her staff, they do work in the ICFR space and continue to see some fairly large bankruptcies slipping through the cracks shortly after an opinion was issued. “Where we’ve seen challenges, it’s really been more with how closely you evaluate the company’s plans.”

“I think it has been a great opportunity for us as a firm to go in and say, what are we doing to make sure that we’re issuing quality audits?”

—Sara Lord

In response to a question about qualitative versus quantitative factors in determining materiality, Doutt said, “I think it’s a facts-and-circumstances–based judgment. I think it’s the avoidance of narrowly focusing on trying to rationalize a material misstatement with qualitative factors. … looking at the total mix of information when you’re evaluating the materiality of a misstatement, and whether it gives rise to a revision or full restatement.”

Research on Fraud

Sara Lord discussed the research that the AICPA and ASB are conducting on fraud. She described the mixed results to survey questions as to whether there should be additional disclosures in the auditor’s report about fraud, whether the auditor should talk about material weaknesses related to fraud in a non-ICFR opinion, and whether fraud should be a key audit matter.

This led the ASB to dig deeper into the results. “One of the things that the ASB talks a lot about when you talk about auditor reporting is, ‘how do the reporting standards and the performance standards tie together?,’” Lord said. “If we’re changing reporting does that imply that we’ve changed the performance standards, and people think we’re doing something different? And is that true or accurate? We’re making sure that the two move hand-in-hand.” She added that the survey found that 69% said that auditors should find and report material fraud, 18% said auditors should find and report all fraud with no materiality threshold, and 13% said auditors should still find all fraud, but only report material.

Other research reached out to fraud and forensic professionals to better understand the difference between a financial statement audit and a forensic examination. Although auditors might rely on skepticism, forensic accountants lean towards a presumption that everyone is guilty. The ASB is asking what it can do about “making sure auditors are also not presuming this person probably is so nice they can’t commit fraud … And then asking what could we be enhancing potentially in our performance standards—maybe having more training for auditors and behavioral red flags.”

Lord suggested the idea of including the full audit team in fraud brainstorming at the start, “and then potentially doing an additional fraud brainstorm at the end of the audit: Going in, we thought these were our fraud risks; have we identified anything else? Making sure that that’s an open dialogue throughout the audit, and potentially again at the end. … When something goes wrong, really taking the time to figure out why … Was there more than just the error? Was there something in the environment leading someone to make an error?” She also said that asking employees in interviews about how someone else might commit fraud can open up dialogues that lead to further audit procedures.

She also stressed that areas where there’s a lack of segregation of duties are areas where fraud can occur. And this is not something auditors can just check the box on; they need to say, “How do we respond to that? How do we make sure we’re doing the right substantive audit procedures to address that risk?”

Carmichael then asked Vanich to discuss the PCAOB’s project on fraud. She said that the typical surveyed investor said, “I don’t need to know about all fraud, but I want to know about all fraud conduct where senior management is involved—there is no materiality view when it comes to something that senior management is capable of. We have heard requests to think about how to have more reporting in the auditor’s opinion about fraud.” She stressed that auditors should not “ask yes-or-no questions when you’re making fraud inquiries, but really have the open-ended question that solicits an answer.” She added that audit teams need to understand the company’s specific fraud risks and why they’re testing the entries. “If they don’t understand where things could go wrong,” she said, “they sometimes waste a lot of time looking in the wrong places.”

Audit Quality

Carmichael asked Vanich about trends with respect to critical audit matters. “I will say there’s a disturbing trend that they’re [CAMs] going down,” Vanich said. “I don’t know why they’re going down. … But they are going down, and it’s across all firms. …. It is something we’re trying to get to the bottom of, through our research.”

Carmichael then asked whether technology can enable auditors to detect all fraud. “I would say that tools have the ability to really improve the audit because they have the ability to have auditors focused on things that they may have never focused on before, that were notoriously known as being lower-risk areas,” Vanich replied.

“We have heard, at least from people who have conducted some significant frauds, that it still comes down to you being skeptical. … I do think the tools have the ability to point you into the right place. … You’re focusing on things that look unusual. You can identify those matters. But it does still come down to pushing back—do these explanations makes sense?—and trying to get evidence, not just explanations for anomalies in the data.”

Lord agreed, adding, “Fraudsters are always being more creative… they’re going to try to stay ahead of whatever technology auditors have.” She stressed the need for auditors to review and understand the outputs of technology used while keeping their professional skepticism honed.

Carmichael asked Lord to speak from an auditor’s perspective about the implementation of the quality control standards. “I think it has been a great opportunity for us as a firm to go in and say, what are we doing to make sure that we’re issuing quality audits? … This is not just an audit-based implementation. It’s human resources. It’s all the areas of the practice that you’re going to work with and say, ‘how do we make sure we hire competent people? How do we make sure people are getting the right training and CPE?’ And really understanding how that all fits together.”

“Being in person adds a lot of value to conversations and discussions,” Lord responded to a question on the impact of remote auditing on quality. She noted that auditing in person provided a great learning opportunity that you don’t get over the phone or remotely. She also noted that being remote allows you to bring in experts that are not local.

“We’re also seeing that we’re spending smarter time with our clients,” Lord added. “On those days, we’ll have focus time together, and we’ll have time to be working through issues. I think it’s that blending of seeing what works best. … I do think that there is a huge value to being in person, building those relationships, and being able to be there and see people’s reactions. What does that interaction look like when you look at tone at the top? A lot of that is observed.”

Vanich reminded the audience to focus on newer staff. “You have to make sure they’re learning what they need to know. I think it may be easier not to ask questions when you’re in a room than when you’re on a screen.”

Doutt echoed these sentiments and added, “It does seem that the pendulum seems to be shifting back towards more in-person engagements and audits, and there are benefits to that, and also benefits to in-person training.”

New Year’s Resolutions

Carmichael closed by asking the panel if they had any New Year’s resolutions for auditors. Lord reminded the audience to implement the newly effective standards on auditing estimates, using pricing services, and risk assessments. “And then I would say, ‘keep looking at what’s happening in the economy and asking important questions of your clients: How is their business doing?’”

Vanich said that “while inspection deficiencies are up, and that’s not good … don’t take it personally. It’s not meant to be a critique of auditors as individuals. Don’t go into your audit with a defeatist attitude. There are engagement teams that get no inspection deficiencies, and that could be your team.”

Doutt reminded the audience about the SEC’s guidance on supervising the work of other auditors. “It’s really important,” she said, “for the lead auditors to pay attention to that.”