Investor Bulletin - Opportunity to Comment on Proposed Standard Addressing an Auditor’s Responsibility Related to a Company’s Noncompliance With Laws and Regulations (NOCLAR)
June 30, 2023
The Public Company Accounting Oversight Board’s (PCAOB or “Board”) Office of the Investor Advocate is alerting investors to the opportunity to comment on the PCAOB’s proposed Amendments to PCAOB Auditing Standards Related to a Company’s Noncompliance With Laws and Regulations and Other Related Amendments.
This document represents the views of the PCAOB Office of the Investor Advocate and not necessarily those of other PCAOB staff or the Board. It is not a rule, policy, or statement of the Board.
On June 6, 2023, the Board issued a proposal for public comment to strengthen auditor vigilance against fraud and other forms of noncompliance with laws and regulations.
- Read the full proposal here.
Companies’ noncompliance with laws and regulations may lead to sanctions, material fines, and civil settlements, resulting in substantial financial damage to investors through falling share prices – especially when noncompliance has gone undetected for longer periods or the related impact is not properly addressed in the financial statements. The PCAOB has observed through its oversight activities failures by auditors to appropriately respond to information of potential violations of laws and regulations and to evaluate the impact of identified violations of laws and regulations on the financial statements.
This proposal seeks to better protect investors from the resulting harm by strengthening auditor requirements to identify, evaluate, and communicate information that may indicate a company’s possible or actual noncompliance with laws and regulations.
The proposal is anchored by the auditor’s “fundamental obligation to protect investors through the preparation and issuance of informative, accurate, and independent auditor’s reports.”
The Investor Advocate strongly encourages all investors to carefully read the proposal and provide comments.
How to Comment on the Proposal
The Board is seeking public comment – including from investors – on the proposal. Comments are due by August 7, 2023. Comments can be sent by email (to [email protected]), by paper mail, or through the Board’s website.
Additional Information About the Board’s Proposal
This section contains a high-level summary of the proposal. Readers are encouraged to read the full proposal HERE and provide responses to the included questions as well as feedback on any other aspect of the proposal.
AUDITOR RESPONSIBILITY TO IDENTIFY
The proposed standard would require auditors to plan and perform audit procedures to proactively identify the laws and regulations with which noncompliance could “reasonably have a material effect on the company’s financial statements.” It would require the auditor to assess and respond to the risk of material misstatement of the financial statements due to noncompliance with those laws and regulations.
The current standard makes a distinction between laws and regulations with a “direct effect” versus those with an “indirect effect” on the financial statements, and normally does not hold the auditor responsible for the detection of illegal acts that have an indirect effect. The proposal removes the distinction between direct and indirect and makes clear the auditor’s responsibility is to detect noncompliance that could reasonably have a material effect on the company’s financial statements.
AUDITOR RESPONSIBILITY TO EVALUATE
The proposal would strengthen requirements related to the auditor’s evaluation of whether noncompliance with laws and regulations has occurred, and if so, the possible effects on the financial statements and other aspects of the audit.
It would require the auditor to consider whether specialized skill or knowledge is needed to assist the auditor in evaluating information indicating noncompliance has or may have occurred. If the auditor determines that specialized skill or knowledge outside of accounting and auditing is needed to assist the auditor in evaluating, the proposed standard would require the auditor to look to the appropriate requirements in other PCAOB standards for using the work of specialists in an audit.
AUDITOR RESPONSIBILITY TO COMMUNICATE
The proposal would generally require the auditor to communicate with the appropriate level of management and the audit committee on at least two occasions:
- After the auditor becomes aware of information indicating that noncompliance has or may have occurred, and
- After the auditor has evaluated such information.
The current standard only requires the former.
REPLACING THE CURRENT STANDARD
The proposed standard would replace the current interim standard, AS 2405, Illegal Acts by Clients. That interim standard was first adopted by the PCAOB in 2003 based on a standard issued by the Auditing Standards Board of the American Institute of Certified Public Accountants in 1977 and most recently revised in 1988.
The existing standard predates the enactment of federal securities law provisions that fundamentally altered the auditor’s responsibilities for detecting and responding to illegal acts, namely Section 10A of the Securities Exchange Act. Additionally, the Sarbanes-Oxley Act included provisions related to corporate governance, among others, that have led companies to develop more sophisticated ethics and compliance systems.
The PCAOB considered these changes in developing the new proposed standard.
Additionally, the proposed standard would replace the term “illegal acts” with “noncompliance with laws and regulations.” As with the existing definition of illegal acts, the proposed meaning of noncompliance with laws and regulations is broad and encompasses a wide variety of conduct, including embezzlement of company funds, misappropriation of assets, or payment of bribes, as well as other conduct that has financial consequences to the company, such as violations of employment, occupational safety and health, antitrust, and privacy laws and regulations. And, consistent with the existing standard, noncompliance with laws and regulations would not include personal conduct unrelated to company business.
The goal of this change is to shift the auditor’s focus to all types of noncompliance, whether the violations concern financial or operational issues or involve intentional or unintentional conduct.
The proposed definition of noncompliance with laws and regulations would expressly include financial statement fraud.
Finally, the proposal updates and makes conforming amendments to other standards that align with and support the proposed AS 2405, A Company’s Noncompliance with Laws and Regulations, including required audit procedures to identify and assess the risks of material misstatement due to noncompliance.
AS 2401 STILL ON THE AGENDA
It is important to note that the PCAOB’s standard related to an auditor’s consideration of fraud in a financial statement audit (AS 2401) would continue to govern the auditor’s responsibilities with respect to the identification of information that may be indicative of fraud. The evaluation and communication of fraud would be addressed by the proposed standard, and those requirements would be applied in the same manner as for other forms of noncompliance with laws and regulations. The PCAOB continues to have a separate mid-term project on its standard-setting agenda to consider how AS 2401 should be revised to enhance the auditor’s responsibilities for the identification of information that may be indicative of fraud, including addressing matters that may arise from developments in the use of technology.
The Office of the Investor Advocate encourages investors as well as others to submit comments on this proposal. There are 70 specific questions in the proposal, and the PCAOB is interested in all responses to these questions.