Proposed PCAOB rule risks turning auditors into legal watchdogs

April 25, 2024

The NOCLAR proposal would impose on auditors greatly expanded responsibilities for identifying — or even preventing — noncompliance with a very wide range of laws, PwC’s Brian Croteau writes.

Twenty-two years ago, Congress enacted the Sarbanes-Oxley Act — the landmark legislation that created the foundation for the modern corporate financial reporting and auditing landscape, as well as developing the Public Company Accounting Oversight Board to oversee the audits of U.S. companies. Since that time, the business environment has changed dramatically, requiring the audit profession to respond to a wide range of stakeholders’ needs and expectations.

Ultimately, auditors serve an important role that contributes to confidence in the financial information provided by public companies, which help drive our capital markets. This is not a responsibility that we, as auditors, take lightly. That is why we have continued to take proactive actions since the inception of SOX to enhance confidence, respond to emerging and evolving risks, and provide clarity around the auditor’s role.

For that reason, meaningful, but appropriately measured, changes to auditing standards and regulations are important to the strength of capital markets and to the investor community, and that’s why a new standard put forth by the PCAOB deserves close attention.

In June 2023, the PCAOB proposed a new auditing standard related to a Company’s Noncompliance with Laws and Regulations that would significantly alter the audit landscape. On March 6 of this year, I participated in a roundtable held by the PCAOB to seek further feedback on the proposed standard from a range of stakeholders.

As discussed during the roundtable, the NOCLAR auditing standard would expand auditors’ scope of work dramatically: the rule as proposed would impose on auditors greatly expanded responsibilities for identifying — or even preventing — noncompliance with a very wide range of laws to which a company is subject.

This is in contrast to current standards today, where auditors focus on laws and regulations that have a direct and material impact on a company’s financial statements — for example, those relating to income taxes and pensions. Where noncompliance with other types of laws and regulations comes to our attention, we perform further procedures related to the matters identified, because they could indirectly affect the financial statements through fines or other penalties.

Auditors also closely assess matters related to the company’s accounting for loss contingencies and related disclosures. To illustrate how this approach works under the current standard, take the case of a fictional electronics manufacturer. Today, that manufacturer’s financial statements and disclosures are subjected to procedures to obtain reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts, such as a law imposing federal corporate income taxes.

It would be reasonable for the PCAOB to adopt a rule expanding the auditor’s responsibilities by requiring us to perform additional risk-based procedures related to those laws and regulations that are central or critical to a company’s operations. In the example of the electronics manufacturer, these related laws might apply to the sourcing of materials or compliance with waste disposal standards, both of which could have a material impact on its financial reporting.

But, is it similarly reasonable for the PCAOB to adopt a rule that would require the auditor of the electronics manufacturer to assess whether the company is in compliance with foreign regulations on office remodeling permits? While this may seem an extreme example, given the thousands of laws and regulations to which any company is subject, it’s important the auditor’s role be well-defined and closely tied to reliable financial reporting.

NOCLAR risks transforming the independent auditor’s role of providing an opinion based on reasonable assurance that the financial statements are presented fairly into one of a compliance officer. Because that is a role that rests squarely with company management, the proposal has the potential to jeopardize auditor independence.

For CFOs of public companies, as proposed, the NOCLAR rule would lead to a marked increase in costs that likely far outweigh benefits, as well as having unintended consequences such as adding further complexity to privilege considerations and management of interactions with both internal and external counsel. Such matters could ultimately complicate, and in some ways conflate, CFO, audit committee and external auditor responsibilities.

Brian Croteau is Chief Auditor at PricewaterhouseCoopers U.S. and a member of the Public Company Accounting Oversight Board’s Standards and Emerging Issues Advisory Group. Views are the author’s own.

[CFO Dive]