PCAOB Proposes New Risk Rules

The standards outline how auditors should weigh the extent of their reviews against the risk for material misstatements.
Sarah JohnsonOctober 21, 2008

The Public Company Accounting Oversight Board has proposed new rules dictating how auditors should assess and respond to the risk that the financial reports they review contain incorrect information.

The seven proposed standards, as well as amendments to existing rules, should result in more effective audits, according to the board, which has published the proposals for a 120-day comment period. Moreover, the guidance could improve auditors’ ability to notice fraud.

“We have heard concerns from investors and identified issues through our inspections that some auditors have appeared to view the consideration of fraud as an isolated and mechanical process rather than an integral part of the audit,” PCAOB chairman Mark Olson said. “Today’s proposal should send an important message that the board views assessing the risk of fraud as a central part of the audit process.”

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

In recent years, the PCAOB has emphasized that auditors should take a risk-based approach by focusing efforts on areas that have the potential for creating a material misstatement. It’s a concept the board drove home in its revision to its internal-control standard, which initially led companies to balk because they felt that auditors were unnecessarily overreaching in their reviews.

If approved, the new guidance will explain auditors’ responsibilities for identifying and assessing the risk of material misstatements, reducing that risk, and responding to it. The rules will address the auditors’ processes for dealing with risk, from the planning stages of an audit to the point when they provide their opinion. In addition, one standard will address how auditors apply materiality as they plan and scope their work.

The proposed risk-assessment rules have been a “high priority” for the board, Olson said, and have been in development for three years. The guidance would update several of PCAOB’s rules, some of which are more that 20 years old, and were part of the structure that the board adopted after the passage of the Sarbanes-Oxley Act in 2002.

The proposed guidance calls on auditors to have a strong understanding of each corporate client’s industry and environment, Olson said. “We are well aware today more than ever that risk factors can change and sometimes rather quickly,” he added.

To come up with the proposal, the PCAOB staff evaluated the risk-assessment standards put out by the International Auditing and Assurance Standards Board and the U.S. Auditing Standards Board. Board member Bill Gradison, who has been advocating for the convergence of global auditing rules, praised the fact that the PCAOB’s new guidelines are similar to those of other standard-setters.

In addition, some of the proposed guidance was gathered from the audit firms themselves, which already have many of these risk-assessment policies and procedures in place, according to Keith Wilson, associate chief auditor for the PCAOB. For that reason, Wilson doesn’t expect the new guidance to create more work for the auditors — and thus drive up audit costs for their corporate clients.

However, PCAOB board member Daniel Goelzer noted that after six years of setting standards, “we sometimes find that people have a different view of the [proposals’] impact on auditing and the cost of auditing … than we have.”