News from across the pond: SEC tightens auditor oversight

September 3, 2024

New PCAOB rules aim to enhance accountability

In a move to strengthen investor confidence and improve audit quality, the US Securities and Exchange Commission (SEC) approved a series of new rules proposed by the Public Company Accounting Oversight Board (PCAOB) at the end of August.

These changes mark a shift in the regulatory landscape, empowering the PCAOB to hold auditors more accountable for their actions. As the gatekeeper of public company audits, the PCAOB’s enhanced authority promises to reshape the dynamics between the accounting profession and its overseers, with far-reaching implications for businesses, investors, and the broader financial ecosystem.

The PCAOB’s rulemaking initiative stems from a growing concern over persistent audit deficiencies and a perceived need to modernise the standards governing the auditing profession. In the aftermath of high-profile corporate scandals like Enron and WorldCom, the Sarbanes-Oxley Act of 2002 established the PCAOB as an independent watchdog to oversee public company audits and set enhanced auditing standards.

However, the PCAOB’s rule-making process has been a gradual one, with many of the interim standards inherited from the American Institute of Certified Public Accountants (AICPA) remaining in place for nearly two decades.

From Recklessness to Negligence

One of the central pillars of the SEC’s recent approval is the amendment to PCAOB Rule 3502, which governs the liability of associated persons who contribute to a registered public accounting firm’s violations.

Previously, the rule required a showing of “recklessness” – an “extreme departure from the standard of ordinary care” – to hold an individual accountable. The new amendment lowers the liability standard from recklessness to negligence, aligning it with the SEC’s own enforcement authority and certain state professional licensing requirements.

This shift is intended to incentivise auditors to exercise a higher degree of care and diligence in their work, as they now face the prospect of individual liability for negligent actions that directly and substantially contribute to their firm’s violations. The PCAOB believes this change will bolster its ability to execute its investor-protection mandate, as it will now be able to sanction individuals who negligently contribute to audit failures, rather than being limited to cases involving reckless conduct.

The Adoption of AS 1000

In addition to the contributory liability rule, the SEC has also approved the PCAOB’s adoption of a new standard, AS 1000, which consolidates and modernises the general principles and responsibilities of auditors.

This standard, which replaces several interim standards dating back to the early 2000s, reaffirms the auditor’s duty to protect investors through the preparation of informative, accurate, and independent audit reports.

Key provisions of AS 1000 include:

Updating the auditor’s objective to cover audits of both financial statements and internal control over financial reporting

Tying the auditor’s independence obligations to PCAOB and SEC independence rules

Clarifying the engagement partner’s responsibilities for supervision and review of the audit engagement

Emphasising that the auditor’s evaluation of “fair presentation” extends beyond technical compliance and requires professional judgment

The new standard also accelerates the deadline for auditors to assemble a complete and final set of audit documentation, from 45 days to 14 days, a change viewed as one of the most significant by the SEC’s Chief Accountant.

Amendments to AS 1105 and AS 2301

Recognising the growing role of technology in the audit process, the SEC has also approved PCAOB amendments to AS 1105, “Audit Evidence,” and AS 2301, “The Auditor’s Response to the Risks of Material Misstatement.” These updates aim to provide a framework for auditors to assess the reliability of information when using technology-assisted data analysis in their audit procedures.

The key elements of these amendments include:

Establishing a risk-based approach for auditors to determine the reliability of information in large data sets provided by companies

Providing guidance on the work auditors should perform with respect to items flagged for further investigation by computer-analysis tools

Updating the descriptions of the procedures auditors should perform when using technology-assisted analysis

These principles-based standards are designed to enable the PCAOB to adapt to the evolving nature of technology in the audit landscape, ensuring that auditors can effectively leverage data analytics while maintaining the quality and quantity of evidence required to support their conclusions.

Balancing Accountability and Practicality

The SEC’s approval of the PCAOB’s new rules has not been without controversy, as evidenced by the divided vote and dissenting statements from Republican commissioners. Concerns have been raised about the potential unintended consequences of the contributory liability amendment, including the possibility of discouraging talented individuals from entering the auditing profession or fostering a risk-averse culture that could hinder collaboration among auditors.

Commissioners Hester Peirce and Mark Uyeda, in particular, have questioned whether the negligence-based standard is truly necessary, given that the SEC already has the authority to hold individual auditors accountable for contributing to firm violations under a negligence-based framework.

They have cautioned that the PCAOB’s “aggressive enforcement” approach, when paired with the lower liability threshold, could lead to auditors adopting overly cautious behaviors that ultimately undermine audit quality.

Addressing Concerns and Ensuring Balanced Implementation

To address these concerns, the SEC has emphasised that the PCAOB’s intent is not to engage in a “gotcha” approach or to supplant the reasonable professional judgment of auditors. Rather, the negligence standard will require the PCAOB to demonstrate that an individual acted unreasonably and directly and substantially contributed to the firm’s violation in order to hold them liable.

Moreover, the PCAOB has stated that it does not anticipate using the new rule to sanction isolated, good-faith errors in professional judgment, particularly with respect to less senior engagement team members. The SEC has encouraged the PCAOB to provide further implementation guidance to clarify the application of the new standards and alleviate concerns about the potential burden on auditors and their clients.

Ultimately, the SEC’s approval of the PCAOB’s new rules represents a significant step forward in strengthening the accountability and oversight of the auditing profession. By harmonising liability standards and modernising auditor responsibilities, the regulators aim to instil greater trust among investors and issuers in the integrity of financial reporting.

As Commissioner Jaime Lizárraga noted, the amendments come at a time when audit deficiencies and an overall decline in audit quality continue to persist. The new rules are expected to increase the likelihood of misconduct being detected and sanctioned, thereby enhancing investor protections and supporting the efficient functioning of capital markets.

Ongoing Dialogue and Continuous Improvement

The implementation of these new PCAOB standards will undoubtedly be closely watched by the accounting profession, regulators, and the broader financial community. The SEC has emphasised the importance of the PCAOB providing clear guidance and monitoring the impact of the changes to ensure they strike the appropriate balance between accountability and practicality.

As the auditing landscape continues to evolve, driven by technological advancements and changing market dynamics, the SEC and PCAOB will likely engage in an ongoing dialogue to refine and adapt the regulatory framework. This collaborative approach, grounded in a shared commitment to investor protection and audit quality, will be crucial in navigating the complexities of the modern audit environment and maintaining the public’s trust in the financial reporting ecosystem.

[Accountancy Age]