With just a few days until the comment period ends, the Public Company Accounting Oversight Board got an earful from its advisory board on Thursday about the new standard for auditors’ attestation of corporate internal controls. In a nutshell, the corporate executives and accounting experts questioned whether the more-flexible standard will lead to less-effective audits.
The PCAOB is attempting to simplify its most-contentious auditor guideline, Auditing Standard No. 2, in response to concerns in the business community that audits under the Sarbanes-Oxley Act have become too onerous and costly. The proposed standard — commonly referred to by the board as AS5 — encourages auditors to take a “top down, risk-based approach” by focusing on only those areas in which a material weakness could lead to a misstatement.
While AS5 is not a dramatic stretch from its predecessor, it more explicitly gives auditors and their clients more latitude in their professional judgment, notes John Morrissey, operating controller at General Electric and a member of the PCAOB’s Standing Advisory Group. At the same time, that leeway could open the door for more lax audits. “People have a concern that this could be an excuse to cut back on work and not focus on quality,” he says.
Ed Trott, a member of the Financial Accounting Standards Board, similarly worries that the PCAOB hasn’t done enough to explain the new standard’s true intentions. Trott, like other advisory group members, wonders if AS5 is promoting the idea of better efficiency in audits and, inadvertently, sacrificing their effectiveness. That concern has many financial-statement users and preparers thinking that AS5 is a “relaxation” of AS2, he says. “Unfortunately, your actions are likely to be misinterpreted and deemed to be a back-off of the objectives that you set with AS2.”
During the daylong meeting, the PCAOB board members and staff remained quiet, for the most part, as they listened to the advisory group members, which comprised executives, directors, and audit-firm representatives. The meeting’s objective was to collect the advisory group’s opinions regarding inconsistencies or duplication in the standard, says PCAOB chairman Mark Olson. Still, board member Kayla Gillian addressed the issue raised by Trott and others: AS5 specifically calls for high-quality audits with the least amount of resources possible, she explained. “This is not intended in any way to water down the standard.”
AS2 has become the de facto guidance for management compliance with Sarbox’s internal-control provision, Section 404. The rewrite of the standard came amid a recent flurry of sharp criticism by business groups and politicians lobbying for a rollback of corporate regulations; namely, Sarbox. In fact, the Securities and Exchange Commission proposed a so-called lighter version of Section 404 about the same time the PCAOB introduced AS5. As a result, the two 70-day comment periods coincide.
Like AS5, which requires SEC approval, the commission’s Section 404 revisions call for companies to focus on issues of materiality. But the differences in the two regulations highlight the need for more communication between management and auditors, Robert Tarola, senior vice president and CFO of W.R. Grace, told the PCAOB. “Heretofore there has been very little collaboration, and we’ve pretty much been in a ‘gotcha’ situation,” he said. “To avoid that, audit teams and auditors need to work together to protect investors and agree on the important areas to review and complement each other.”
Management and auditors aren’t the only ones who need to be on the same page regarding AS5’s principles. PCAOB inspectors should also be “in sync” with the audit firms, said Cynthia Cooper, a consultant and auditing expert. She reckons that the inspection reports resulting from the first round of audits using AS5 will set the tone for the PCAOB’s objectives more than the standard itself. “If the auditors use their judgment and the inspector second-guesses that judgment, that will impact the reports going forward,” she said.
The Standing Advisory Group made several other suggestions to the PCAOB, including:
• The board should reconsider asking auditors to evaluate the size of a company to determine how much work they will do. The main point of AS5 is to scale the standard for smaller companies, many of which have yet to be required to comply with Section 404, and subsequently AS2. Critics of AS2 have said the standard takes too much of a “one-size-fits-all” approach and does not account for organizations of a smaller size with limited resources. Since the new standard calls for a risk-based approach, determining a company’s size is not necessary, said Trott. The standard should instead ask auditors to determine the breadth of their work based on a company’s complexity, and stay away from basing the scope of the work on a company’s assets, said some of the advisory group members.
• The PCAOB should be wary of creating an additional new standard (which some advisory group members referred to as AS6) that would explicitly guide auditors on how to consider and use the work of others, such internal auditors. AS2 forbids auditors to use others’ work, but that language is missing from the new standard. Advisory board members were torn about how AS6 should be applied: several thought it was confusing, while others thought it was simply a basis for auditors to decide if they could piggyback on the expertise of an internal employee.
• Because auditors using the new standard should “rely more on general principles rather than detailed direction,” according to the PCAOB, a list of ultimate principles should be listed in bulleted form to clarify the standard’s objectives, suggested Lynn Turner, managing director of research at Glass Lewis and a former chief accountant at the SEC.
The deadline for comments to the PCAOB about AS5 is Monday, February 26.