On November 15, Accounting Today reported that the PCAOB will not take action this year on its controversial proposal to expand auditors’ responsibilities to consider client noncompliance with laws and regulations (NOCLAR). According to a PCAOB staff spokesperson, the Board "will continue engaging with stakeholders, including the SEC, as we determine potential next steps.” The Board’s regulatory agenda describes the next action on the proposal as “TBD pending analysis” of comment letters and other input the Board has received and lists the anticipated timing of the next action as 2025. Previously, the agenda indicated that the next action would be adoption and that it would occur in 2024.
Although changes in the auditing standards related to audit client law violations are off the table for now, on November 12 – 3 days before announcing the deferral of NOCLAR -- the Board issued a staff report reminding auditors of their responsibilities under the existing auditing standards to detect, evaluate, and communicate illegal acts. See Spotlight: Auditor Responsibilities for Detecting, Evaluating, and Making Communications About Illegal Acts (November 2024) (Illegal Acts Spotlight).
NOCLAR
The proposed NOCLAR standard would expand the auditor’s obligation to plan and perform audit procedures to (1) identify laws and regulations with which noncompliance could reasonably have a material effect on the financial statements; (2) assess and respond to risks of material misstatement of the financial statements due to noncompliance with those laws and regulations; and (3) identify whether there is information indicating such noncompliance with those laws and regulations has or may have occurred. Auditors would have to identify the laws to which the company is subject, look for and evaluate information suggesting any possible noncompliance, and communicate with management and the audit committee when they uncover such information, before determining whether a violation occurred or had a financial statement impact. See PCAOB Proposes to Expand Auditor Responsibility for Financial Statement Fairness and for Legal Compliance (May-June 2023 Update).
While investors generally supported NOCLAR, the auditors, public companies, and audit committees were strongly opposed. Many of these commenters argued that NOCLAR would require auditors to delve into legal compliance issues as to which they lacked competence and that were unlikely to materially impact the financial statements. There was also concern that requiring auditors to conduct a broad inquiry into compliance with a wide spectrum of laws and regulations would significantly increase audit costs. See Audit Committee Members Weigh in on NOCLAR Proposal, August-September 2023 Update.
The impending change in the regulatory environment in the wake of the Presidential election appears to be the reason for the Board's decision to step back from NOCLAR. PCAOB standards require SEC approval before taking effect, and the SEC must invite and consider public comment before acting on a Board standard. Even if the Board had approved NOCLAR, it is not clear that the Commission could have acted on the standard before SEC Chair Gensler’s departure.
Illegal Acts Spotlight
While NOCLAR is likely dead, at least in the form the PCAOB proposed in 2023, auditors already have significant responsibilities to detect and report on illegal acts. The Illegal Acts Spotlight states that, under the federal securities laws and current PCAOB auditing standards, auditors have a responsibility to --
(1) Detect illegal acts.
(2) Evaluate information indicating that an illegal act has or may have occurred.
(3) Determine whether it is likely that an illegal act has occurred, and, if so, to consider the possible effect of the illegal act on the financial statements of the company.
(4) Make appropriate communications about illegal acts, unless “clearly inconsequential,” to management, the audit committee, and, in some circumstances, the SEC.
Below is a synopsis of the discussion in the Illegal Acts Spotlight of these responsibilities.
Detecting Illegal Acts
Section 10A of the Securities Exchange Act requires audits to include “procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts.” Under the PCAOB standards, the auditor’s responsibility to detect and report misstatements from illegal acts that have a direct effect on the determination of financial statement amounts (e.g., violations of tax or pension laws) is the same as for misstatements caused by error or fraud. The auditor is also required to be aware of the possibility that illegal acts with an indirect effect may have occurred. (Violations with an indirect effect are those that relate “more to a company’s operations than its financial reporting.”) If specific information comes to the auditor’s attention about a possible illegal act that could have a material indirect effect on the financial statements, the auditor must determine whether the illegal act occurred.
The Illegal Acts Spotlight describes procedures that auditors employ for detecting potential illegal acts. These include inquiries of management, the audit committee, internal or external legal counsel, internal audit, and others. Auditors also review board and committee minutes, correspondence from regulators, legal expenses, and matters arising through the company’s compliance function. The auditor is required to ask management and the audit committee whether they have received tips or complaints regarding the company’s financial reporting.
Evaluating Illegal Acts
If the auditor becomes aware of a possible illegal act, the PCAOB’s standards require the auditor to obtain an understanding of the nature of the act and the circumstances in which it occurred and to evaluate its effect on the financial statements. Similarly, under Section 10A, if the auditor “detects or otherwise becomes aware of information indicating that an illegal act (whether or not perceived to have a material effect on the financial statements of the issuer) has or may have occurred,” the auditor is required “to determine whether it is likely that an illegal act has occurred.”
If the auditor concludes that an illegal act has or is likely to have occurred, the auditor must consider the effect act on the amounts in the financial statements (including contingent monetary effects, such as fines, penalties, and damages) and on the disclosure in the financial statements. The auditor’s assessment of the materiality of any effects on the financial statements, including disclosures, requires consideration of both quantitative and qualitative factors. The PCAOB’s standards also require the auditor to consider the implications of the illegal act on other aspects of the audit, such as the reliability of management representations and the effectiveness of ICFR.
Making Communications About Illegal Acts
Unless the illegal act is “clearly inconsequential,” the auditor is required to inform management of an illegal act that comes to the auditor’s attention and to assure that the audit committee is informed. Under Section 10A, the auditor is also required to communicate directly to the board of directors, if the auditor concludes that (1) the illegal act has a material effect on the financial statements; (2) senior management has not taken timely and appropriate remedial actions; and (3) the failure to take remedial action is reasonably expected to warrant departure from the standard auditor’s report or the auditor’s resignation. The auditor is also required to notify the SEC of the illegal act if the auditor has made this communication to the board and the company fails to inform the Commission.
Audit Committee Takeaways
In light of the potential increased audit costs and impacts on compliance procedures and relationships with legal counsel, most audit committees will be relieved that the PCAOB does not plan to adopt its NOCLAR proposal, at least in the near term. It is possible that, even under new, post-inauguration leadership, the Board will continue to consider changes to the auditor’s responsibilities regarding company noncompliance with laws and regulations. Audit committees should continue to monitor developments in this area.
Audit committees may also want to review the Illegal Acts Spotlight to refresh their understanding of the existing audit requirements regarding illegal acts. Having failed to adopt the NOCLAR proposal, the Board could decide to step up its inspection focus on auditor compliance with these requirements. Audit committees may want to discuss with their engagement partner how the current standards affect the company’s audit and whether the engagement team anticipates making any changes to its procedures regarding the possibility of illegal acts.
Comments