August 7, 2023

Comment Letter | PCAOB: AS 2405, A Company’s Noncompliance with Laws and Regulations

In this comment letter, the CAQ provides views to the PCAOB related to its request for comment on its proposed Amendments to PCAOB Auditing Standards related to a Company’s Noncompliance with Laws and Regulations and Other Related Amendments.

The CAQ supports the Board’s intention to modernize and strengthen auditing standards related to the auditor’s consideration of a company’s noncompliance with laws and regulations, including fraud, as a way to strengthen auditing practices and continuously improve audit quality. We believe that any project to modernize the auditing standards should be focused on enhancing audit quality and the benefit of an independent audit, while making it clear what an auditor is expected to do in the context of a financial statement audit.

We are concerned that the proposed amendments would result in requirements that may not be practical or achievable and could cause considerable confusion with respect to the appropriate role of auditors, ultimately to the detriment of investors.

The auditing profession has been and remains committed to its role among the various stakeholders in the US financial reporting ecosystem, and is supportive of enhancements to existing AS 2405, but we believe that updates need to be principles based and allow the auditor to take a risk-based approach.  

We believe further engagement with all relevant stakeholders in the financial reporting ecosystem, including public roundtables and field testing, is needed to understand the implications of the proposal and whether it will meet the Board’s objectives.

Key Observations

Our key observations on the proposal fall in the following five categories:

  1. Fundamental shift in the objectives of an audit: The requirements proposed in the standards represent a fundamental shift in the auditor’s objectives in planning and performing the audit. The proposed standard puts auditors in the position of performing procedures consistent with the objective of a compliance audit or forensic investigation. We recommend the Board look to the rulemaking history of Section 10A of the Securities Exchange Act, as well as the rulemaking history of PCAOB Auditing Standard No. 2, and the later need for PCAOB Auditing Standard No. 5, when finalizing the proposed standard.
  2. Scope of the proposal: The securities laws and their implementing regulations do not require a public company’s management to identify all laws and regulations to which the public company is subject, and yet this proposal appears to essentially require auditors to do so. Our concern with the lack of clarity related to the “threshold” auditors would use to identify laws and regulations on which to focus their procedures is at the heart of our concerns with the proposed standards. Clarifying the threshold of which laws and regulations an auditor would need to focus on, and how this would relate to the risk assessment the auditor performs with respect to the historical financial statements being audited, would improve the operability of the proposed standard.
  3. Auditors are not lawyers or forensic specialists: Broadening the scope of the laws and regulations for which the auditor must consider whether non-compliance “could reasonably” have a material impact on the financial statements would require a deep level of legal and regulatory subject matter expertise and interpretation, which does not fall within the core competencies of financial statement auditors and could be viewed as the auditor engaging in the unauthorized practice of law. The proposed standards significantly expand auditors’ need for expertise from significant numbers of lawyers, regulatory experts, fraud experts, and other specialists.
  4. Role of auditor versus role of management: A long-established accountability framework exists, whereby management prepares and discloses financial and other information; auditors obtain reasonable assurance about whether the financial information is prepared in accordance with a financial reporting framework, in all material respects; and regulators provide oversight of the public companies and auditors. The proposal essentially transforms the auditor’s role into a responsibility to monitor an entity’s compliance with evolving laws and regulations, which is, at a minimum, a compliance function and, potentially, a management function. Such a transformation would come at the detriment of the auditor’s core responsibilities of performing an independent assessment of the financial statements prepared by management.
  5. Costs and benefits of NOCLAR proposal require further study: The costs and benefits of the NOCLAR proposal have not been adequately studied. The proposal does not quantify the substantial costs that could be incurred as a result of the proposed standards, nor does it provide evidence that benefits will be achieved.

Read the full comment letter here.