Log Out

Letter to PCAOB on auditing standards amendments

August 7, 2023

PCAOB
Erica Y. Williams
Office of the Secretary
1666 K Street, NW
Washington, DC 20006-2803

Sent via email to [email protected]

Proposing Release No. 2023-03
PCAOB Rulemaking Document Matter No. 051
Amendments to PCAOB Auditing Standards related to a Company’s Noncompliance with Laws and Regulations and Other Related Matters

Dear Ms. Williams:

The Virginia Society of CPAs (VSCPA) Accounting & Auditing Advisory Committee has reviewed the PCAOB Rulemaking Document Matter No. 051: Amendments to PCAOB Auditing Standards related to a Company’s Noncompliance with Laws and Regulations and Other Related Matters (Amendments), issued by the PCAOB (Board). The VSCPA is the leading professional association in Virginia dedicated to enhancing the success of all CPAs and their profession by communicating information and vision, promoting professionalism, and advocating members’ interests. The VSCPA membership consists of nearly 13,000 individual members who actively work in public accounting, private industry, government, and education.

The Committee supports the PCAOB’s efforts to improve auditing standards to protect investors from the resulting harm of noncompliance with laws and regulations (NOCLAR) that have a material effect on the financial statements and to improve quality through the auditor’s identification of NONCLAR that could reasonably result in a material effect on the financial statements. However, the Committee does not support the proposed Amendments. 

The proposed Amendments significantly expand the auditor’s responsibility for NOCLAR without sufficient guidance nor substantive evidence that an auditor’s compliance with existing auditing standards would not provide the same level of assurance with regard to identifying material errors in financial statements or material control weaknesses in the internal controls over financial reporting (ICOFR). 

To be clear, the Committee agrees with the general premise that the auditor should consider any NOCLAR that could reasonably result in a material error in the financial statements, direct or indirect: the Committee also interprets the existing requirements to include any NOCLAR that could reasonably result in a material error. However, the attempt “to make explicit” or clarify the requirements though the proposed Amendments further confuse the requirements of a financial statement audit and appear to expand the scope to include aspects of more specialized operational/compliance or forensic audits. 

The Committee also has concerns with regard to the proposed changes to AS 2405 as it relates to fraud, and the expansion of the auditor’s responsibilities to view more of the varied mediums now available outside of the company under audit, ostensibly including social networking sites.

Our specific concerns are discussed below.

1.    Broad expansion of the audit scope  

The expansion of the scope of an audit of the financial statements to effectively include all laws and regulations (as defined in the Amendments) to which a company is subject and then to perform testing without regard to materiality disregards the premise of risk-based auditing for this type of financial statement audit, i.e., to identify any material errors in the financial statements or material weaknesses in the internal controls over financial reporting (ICFR).

Under the Amendments, the financial statement audit appears to take on the requirements of specialized audits, e.g., operational/compliance or forensic audit. If it is the Board’s intention to increase the assurance level and requisite scope of the financial statement audit, then the requirements should fall under the appropriate scope and reporting requirements for these types of specialized audits. This expansion of scope necessarily would require the use of more regulatory and legal experts and an increase in costs in order to provide assurance on specific laws and regulations such as the Foreign Corrupts Practice Act.
Then the additional scope and auditing resources could be properly priced, and the cost/benefit of the Amendments can more readily be assessed.

The determination of the applicability and any NOCLAR without regard to materiality (or level of risk) necessarily requires incremental legal or regulatory expertise. For example, the level and type of legal expertise in a financial statement audit is quite different than, say, an operational compliance audit of global company’s compliance with all local labor, registration, and tax laws in every foreign country in which it operates.

However, if it is the Board’s intention to maintain the same level of assurance but to increase the scope of an audit in order to meet the Board’s existing expectations, then it seems more appropriate to issue the type of interpretive guidance discussed, even though rejected, on page 88 of the Amendments. 

2.    Inclusion of Fraud in NOCLAR

Fraud is a unique aspect of illegal acts (or NOCLAR). The criterion of intent as well as the underlying causes such as collusion and/or senior management override of internal controls necessarily present additional challenges for a financial statement audit. It is more prudent to maintain fraud as its own category with existing auditing procedures and appropriate disclosures of the limitations of the audit to detect fraud. Otherwise, an expectation gap could arise on the level of assurance on detecting fraud in a financial statement audit. The Committee does not believe that the Board’s intent is to expand the scope of a financial statement audit to that of a forensic audit. Again, interpretive guidance seems more appropriate to clarify the Board’s expectations. 

The Committee also recommends that the Board move to a more COSO-related definitions, risks, and controls for the requirements for detecting fraud in a financial statement audit. COSO is the primary control framework used by companies subject to PCAOB auditing requirements. Also, COSO and the Association of Certified Fraud Examiners (ACFE) recently published the Fraud Risk Management Guide, Second Edition. Aligning the PCAOB, COSO, and ACFE frameworks and auditing standards would provide additional guidance and consistency for the companies and their external auditors.

3.    View of more varied external media

It is not reasonable or practicable to require the auditor to conduct a search of certain websites or social media, such as TikTok, Threads, X (Twitter), Facebook, Truth Social, etc. This type of procedure is more appropriate when conducting forensic audits. Also, the reliability of the information on these sites is quite limited.

4.    Relationship to AS 2505: Inquiry of a Client’s Lawyer Concerning Litigation, Claims, and Assessments

The Amendments do not appear to consider its relationship with AS 2505. Do the Amendments create overlapping or unintentional redundant auditing work, or which client/attorney privileges could arise?

5.    Involvement of Compliance Officers and Board Committees 

The Amendments should call out the specific involvement of Chief Compliance Officers as well as the Audit Committee or other Board Committees responsible for legal and regulatory compliance and ethics requirements, similar to the way internal audit is called out in AS 2405.06a.

The VSCPA appreciates the opportunity to respond to this proposed Amendments. Please direct any questions or concerns to VSCPA Vice President, Advocacy Emily Walker, CAE, at [email protected] or (804) 612- 9428. 

Sincerely,

Zach Borgerding, CPA 
Chair 20232024 VSCPA Accounting & Auditing Advisory Committee 

VSCPA Accounting & Auditing Advisory Committee 2023–2024 

Zach Borgerding, CPA — Chair
Michael Phillips, CPA — Vice Chair
David Allen, CPA 
Scott Davis, CPA 
Obed Irfan, CPA 
Joshua Keene, CPA 
Nick Kinsler, CPA 
Daniel Martin, CPA
Brian Minor, CPA 
Elisa Obillo, CPA
Krisia Raya, CPA 
Charles Valadez, CPA 
Natalya Yashina, CPA