For the past ten years, as US public companies have adjusted to new corporate governance regulations, external auditors and audit committees have become more communicative in an effort to manage risk and ensure compliance with a flurry of new rules.
Now, the importance of effective, two-way dialogue itself is the subject of regulation.
A new standard approved last week by the US Public Company Accounting Oversight Board (PCAOB) formally elevates the importance of communication between external auditors and audit committees.
Auditing Standard (AS) No. 16, Communications With Audit Committees, supersedes AU Sec. 380, a standard that became effective in January 1989 and said communication with audit committees is “incidental” to the audit and was not required before the audit report was issued. In contrast, AS 16 says the auditor’s dialogue with the audit committee is “integral” to an effective audit.
The shift reflects the business and regulatory environment that has evolved since the enactment of the US Sarbanes-Oxley Act of 2002, in which many external auditors and audit committees already are participating in the robust dialogue described by AS 16.
AS 16 reflects the importance of that communication by codifying in one place existing communication requirements that have been enhanced in some cases; incorporating certain US Securities and Exchange Commission (SEC) requirements; and adding new communication requirements that are linked to performance requirements in other PCAOB standards.
“The standard, as it’s currently proposed, is just putting in words and into a standard something where, from my view, practice raced ahead of the [previous] standard years ago,” said Chris Smith, the audit and accounting professional practice leader for BDO USA LLP.
The PCAOB has no jurisdiction over audit committees, so the standard’s requirements are aimed strictly at external auditors. The new standard requires auditors to:
Establish the understanding of the terms of the audit engagement with the audit committee. The terms of the engagement must be recorded in an engagement letter. Previously, AU Sec. 310 had required the understanding to be established with company management rather than the audit committee.
Provide audit committees with an overview of the overall audit strategy, including the timing of the audit, significant risks the auditor identified and significant changes to the planned audit strategy or risks.
Provide information about others involved in the audit, including internal auditors or other independent public accounting firms.
Explain the basis for the auditor’s determination that he or she can serve as the principal auditor, if significant parts of the audit will be performed by other auditors.
Give information regarding the company’s accounting policies, practices, estimates and significant unusual transactions.
Provide an evaluation of the quality of the company’s financial reporting, including conclusions regarding critical accounting estimates and the company’s financial statement presentation; difficult or contentious matters for which the auditor consulted outside the engagement team; the auditor’s evaluation of the company’s ability to continue as a going concern; and difficulties encountered in performing the audit.
As with all PCAOB standards, AS 16 is subject to approval by the SEC. The SEC also must determine whether the standard should apply to emerging growth companies as defined by the Jumpstart Our Business Startups (JOBS) Act of 2012, P.L. 112-106; the PCAOB recommended that such companies be required to apply the standard.
If approved by the SEC, the standard would be effective for public company audits of fiscal periods beginning after December 15th 2012.
“The standard moves the auditor’s communication with the audit committee away from compliance checklists, decisively in the direction of meaningful, effective interchange,” PCAOB Chairman James Doty said during an August 15th public meeting as the board voted on the proposal. “We have taken care to avoid miring both the auditor and the audit committee in minutiae.”
Not a “check-the-box exercise”
Marriott International Audit Committee Chair George Muñoz said in an interview that it’s good to have expectations about communication understood upfront. He also cautioned that audit committee members need to remember that their responsibilities extend beyond the PCAOB’s jurisdiction.
Doty and the PCAOB staff made it clear that communication should not be a check-the-box exercise, and Muñoz agreed.
“What you don’t want is the audit committee to follow what an external party is saying you should do and miss the forest for the trees,” Muñoz said.
The PCAOB has been developing the standard for more than two years. It was proposed March 29th 2010, and reproposed December 20th 2011, after the PCAOB received feedback from stakeholders.
The standard was developed to be scalable to the size and complexity of a company, so less communication would be required of auditors of smaller, less complex companies.
Written and oral communication
The standard also allows for written or oral communication. The substance of oral communication must be documented, but Smith said the standard enhances ease of communication by allowing for spoken exchanges.
“There are parts of this that if they had to be reduced to writing, it might infringe on the timeliness and the quality of the communications,” Smith said. “I think allowing certain things to be done orally, it’s making sure that someone is not so focused on the form and they’re more focused on the content. I think that’s also reflective of the real world.”
Smith identified several items in the standard that will lead to good dialogue. These include conversations about the use of specialists; how the auditor determined that he or she can serve as principal auditor; and the strategy of the audit, particularly with regard to risk assessment and identification.
Muñoz said reinforcing the importance of robust communication is useful even though many auditors and audit committees already are communicating effectively during the course of the audit.
“Just because the good, large public companies are already doing this, it’s probably insufficient to assume that a rule is not required,” Muñoz said. “And [the standard] is not for those companies that already are doing it, but for those companies that maybe aren’t doing it as robustly as they should.”
—Ken Tysiac (firstname.lastname@example.org) is a CGMA Magazine senior editor.