PCAOB Standing Advisory Group Discusses Auditor Communications and Audit CommiteesDarren Cooper
February 1, 2006 — 1,503 views
The Public Company Accounting Oversight Board (“PCAOB” or the “Board”) recently held its Standing Advisory Group (“SAG”) meeting to discuss standards-setting activities over the past year and address proposed 2006 activities. The SAG is composed of approximately 30 qualified professionals representing the auditing profession, public companies and investors. In addition, the SAG has six observing organizations; the Financial Accounting Standards Board, the Government Accountability Office, the International Auditing and Assurance Standards Board, the Securities and Exchange Commission, the Department of Labor, and the Auditing Standards Board of the American Institute of Certified Public Accountants. The SAG meets three times a year or as often as needed, primarily to provide advice to assist the Board in prioritizing its standards-setting activities.
An important initiative at the recent 2005 SAG meeting was to obtain input from several public company audit committee chairs, as to the current communication environment between audit firms and audit committees. Since the passage of the Sarbanes Oxley Act of 2002 (“SOX”) and the implementation of related SEC rules, the role of the public company audit committee in overseeing the financial reporting process has been strengthened. The requirements under SOX including, among other things, audit committee pre-approval of all audit and non-audit services, general oversight of the audit firm, and timely auditor submission of reports to audit committees, reinforce the need for audit firms to maintain consistent dialogue with the audit committee. During the SAG meeting, audit committee chairs suggested ways auditors can improve relations and communications with audit committees in light of both the SOX requirements and the current PCAOB standard on communications.
AICPA Professional Auditing Standards, Communication with Audit Committees (AU §380)
In 2003, the Board adopted pre-existing auditing standard AU §380, Communication With Audit Committees, to be used on an initial interim basis. AU §380, however, pre-dates SOX and therefore, does not reflect the 2002 SOX requirements and related SEC rules on auditor communication with audit committees. Since adopting AU §380 as an interim communication standard, the Board has yet to propose any new or enhanced professional practice standards relating to audit firm communications. The Board intends to use comments from the SAG meeting to evaluate AU §380 and determine whether additional PCAOB communication requirements should be added and/or whether any of the existing interim requirements should be eliminated.
Weakness of AU §380
Under AU §380, auditors often determine when certain matters related to the conduct of an audit are communicated to the audit committee. These matters, including among others, notification of selection and change of significant accounting policies, proposed material audit adjustments, and particular difficulties with management, are deemed “incidental” to the audit. Thus, although AU §380 requires the auditor to discuss such matters with the audit committee, the auditor has discretion to inform the audit committee either before or after the issuance of the auditor’s report on the entity’s financial statements. As a result, under the AU §380 standard, an audit firm who fails to communicate material information to the audit committee well before issuing the audit report, may leave the audit committee unaware of relevant analysis and information discovered by the auditor while testing the entity’s internal controls or financial statements. Such lack of communication runs contrary to the SOX initiative of requiring continuous audit committee oversight.
Below, two illustrations signify additional weaknesses associated with AU §380 and how the standard fails to comply with the SOX requirement of ensuring that audit firms are appropriately and timely communicating with audit committees:
1) During the audit, an auditor generally makes an assessment of the client’s internal control and the risk that the financial statements are free from material misstatement due to fraud. AU §380 suggests, but does not require, the auditor to communicate that assessment to the audit committee. In fact, such assessment of the company’s internal controls and fraud risk is the very type of information highly regarded by the audit committee in order to understand the nature and scope of the assurance provided by the audit and the audit firm. Ideally then, in order to appropriately keep the audit committee apprised of relevant information, an auditor should undoubtedly relay these assessments and other material findings to the audit committee on a timely basis and prior to the issuance of the audit report.
2) Not all forms of written communications provided to management are necessarily provided to the audit committee. These communications include management representation, engagement and independence letters, schedules of unadjusted audit differences and reports on internal controls. The SEC believes that these forms of communications are considered “material written communications” to an issuer and therefore, they should be provided to the audit committee. Specifically, SOX and SEC Rules cite the management letter and schedules of unadjusted differences as examples of material written communications that must be provided to audit committees.
Developing Enhanced Forms of Communication
The Board will likely amend AU §380 to reflect enhanced communication standards in line with the requirements of SOX and related SEC Rules. In the meantime, audit firms should develop an immediate and recurring dialogue with their respective audit committees. Auditors must focus on timely communications with the audit committee, well beyond discretionary updates. A systematic firm policy should be in place, whereby the audit firm is frequently in contact with the audit committee, providing current updates of progress from inception of the engagement and at least until issuance of the audit report. Several steps, along with SAG suggestions, that audit firms should take now include:
· At inception of the engagement, auditors and the audit committee should develop a risk assessment of the engagement and create a defined mutual starting point. Audit firm and committee goals should be planned out, all audit services stipulated and approved, and a thorough understanding of how the audit committee is to be apprised of progress. Specific time spent planning will help auditors maintain a consistent working relationship with the audit committee.
· Request periodic joint meetings between audit committee members, management and auditors. Organize and create audit firm led education informational sessions with the audit committee and management. These sessions are intended to keep all parties apprised of relevant accounting and auditing issues in the industry that impact the company’s business financial reporting.
· Insist that management take an active role with the audit committee. Management should be aware of the expectation to provide auditors with all necessary information and adequate disclosures. The auditor should determine that the audit committee has received copies of all material written communications between the auditor and management such as engagement and representation letters, reports, and written communications on accounting, auditing, internal control and operational matters.
· Audit firms should disclose any and all existing relationships between auditors and the public company client to avoid conflicts of interest now and potential conflicts in the future.
· Subject to sensitive issues, provide audit committees with nonpublic portions of any PCAOB inspection reports which the audit committee may request.
Lord, Bissell & Brook LLP