How the New PCAOB Standards Might Impact Your Audit Function
By Mike Raia | Published August 28, 2023
If adopted, the PCAOB amendments will have a substantial impact on public company audits. That is why organizations must prove proactive and prepare for these changes.
On June 3, 2023, the Public Company Accounting Oversight Board (PCAOB) proposed extensive new auditing standards requiring auditors to consider a company’s noncompliance with laws and regulations while performing audits. The acronym for the proposed new standards, NOCLAR, stands for Noncompliance With Laws and Regulations.
Three days later, the PCAOB issued for public comment a proposal to replace AS 2405, Illegal Acts by Clients, in its entirety, with AS 2405, A Company’s Noncompliance with Laws and Regulations, along with conforming amendments to PCAOB auditing standards. The reason the startlingly direct Illegal Acts by Clients has been replaced with the somewhat vague A Company’s Noncompliance with Laws and Regulations is so that auditors do not dismiss noncompliant acts that are illegal but may affect financial statements.
Proposed PCAOB Standards
Investors rely on auditor’s reports. The proposed PCAOB standards are designed to better protect investors from potential harm by boosting auditor requirements for identifying, evaluating, and communicating information should a company possibly or prove non-compliant. Upon learning of NOCLAR, the auditor must respond according to the standard.
The new standards would cover all types of non-compliance, whether intentional or not. Here are the proposal’s central elements:
- Identify–Under the proposal, specific requirements are established for auditors to identify applicable laws and regulations that could affect financial statements if the company is non-compliant. The auditor must inquire and use other proactive measures to identify these laws and regulations. NOCLAR states explicitly that financial statement fraud is a form of noncompliance.
- Evaluate–The new proposal increases requirements relating to the auditor’s evaluation of whether noncompliance with laws and regulations took place. If there is evidence of such noncompliance, the auditor must evaluate the effect on all aspects of the audit, not only financial statements. The auditor is also charged with knowing when a special skill set is needed to assist them in information evaluation regarding whether noncompliance has occurred.
- Communicate–The new standards clarify that auditors must communicate to the appropriate management level and the audit committee immediately after learning that noncompliance with laws and regulations has happened. The auditor must let the appropriate management level and the audit committee know their evaluation of the situation as soon as possible.
Audit industry reactions
Tax and accounting firm Thomson Reuters notes that the 35-year-old AICPA standard, Illegal Acts by Clients, has failed to protect investors. Before the formation of the PCAOB in 2022, the auditing industry was essentially self-regulating. Over the past decade, several high-profile cases, most notably that of Wells Fargo creating over 1.5 million unauthorized bank accounts and 560,000 credit card applications, caused investors to wonder why auditor KPMG LLP did not prevent the fraud. Wells Fargo lost $7.8 billion in stock valuation.
Timeline for becoming official
The deadline for public comment ended on August 7, 2023.
Potential impact on organizations
Auditors made aware of noncompliance or who suspect it must comply with NOCLAR promptly. Management holds the ultimate responsibility for addressing NOCLAR. As long as management rectifies the matter swiftly, this should not prove problematic. If management does not act promptly and properly after auditor notification, the auditor must then determine whether it is their ethical responsibility to notify a regulatory body regarding the NOCLAR.
As per The Journal of Accountancy, the laws and regulations addressing NOCLAR include but are not limited to the following matters:
- Data protection
- Fraud, corruption, and bribery
- Money laundering
- Terrorist financing
- Public health and safety
- Securities markets and trading
- Environmental concerns
As the PCOAB notes, if the proposed amendments are adopted, they would “encourage companies to take more timely remedial actions and thereby reduce investor harm caused by legal and regulatory penalties." It is also likely that fewer financial statements would be “materially misstated” due to noncompliance.
How Organizations Should Prepare
Remember that if the proposed amendments pass, they could apply to virtually all laws and regulations an organization is subject to. If adopted, the amendments will substantially impact public company audits. That is why organizations must prove proactive and prepare for these changes.
Expect to invest much time and money in the appropriate infrastructure to accept and address the new NOCLAR rules, including developing a response mechanism. The potential for indirect NOCLAR risks include reputational and financial harm. Business restrictions can always be placed upon an organization due to non-compliance.
Preparation for the new NOCLAR rules
Companies should prepare for the new NOCLAR rules by evaluating current internal processes and procedures for monitoring laws and regulations. Auditors may need to retain legal counsel to make relevant assessments under the new auditing standards. Of course, legal specialists are expensive.
Organizations should perform risk assessment procedures to determine if any information regarding noncompliance has already occurred.
Best organizational compliance practices
Whether the new rules pass, an organization must enforce consistent policies to match its policies and procedures to comply with applicable laws and regulations. It is also crucial that these policies and procedures are followed. Integrify provides consistent, secure, auditable process automation and workflow for any compliance system.
Our audit tracking provides verifiable evidence presentable internally or externally. This evidence includes which tasks or activities were performed and who performed them with time and date stamps.
The role of standardizing and automating finance processes in compliance
With a standardized and automated finance process for compliance, organizations can reduce the risk of proprietary information becoming accessible to the wrong entities. Integrify allows companies to embrace workflow automation that enforces process compliance.
Learn More About Integrify and How We Can Help Your Organization
To see Integrify's auditing tools in action, request a demonstration or watch some of our product videos. If you have any questions, don't hesitate to contact us anytime.
Sources
PCAOB Release No. 2023-004 Technology Assisted Analysis (pcaobus.org)
Noncompliance with Laws and Regulations | PCAOB (pcaobus.org)
PCAOB Proposes Massive Expansion of the Auditor's Role | Troutman Pepper - JDSupra
NOCLAR: What CPAs in public practice need to know - Journal of Accountancy
PCAOB Issues Long-Awaited “NOCLAR” Proposal : TheCorporateCounsel.net Blog
Mike Raia
Marketing the world's best workflow automation software and drinking way too much coffee. Connect with me on LinkedIn at https://www.linkedin.com/in/michaelraia/