At the end of last week, the SEC approved the PCAOB’s updated standards for audits that involve multiple auditing firms. SEC Chair Gary Gensler said that the amended standards “will strengthen the requirements for lead auditors who supervise other auditors in an audit, helping to enhance audit quality and protect investors.” Why were these updates necessary? According to Gensler, the globalization and increasing complexity of public company operations has meant that auditors must increasingly “rely on other auditors—working across different firms, countries, and even languages—in completing an audit. Last year,” he said, “26 percent of all issuer audit engagements used multiple auditors, and more than half of large accelerated filer audits used multiple auditors. Given the challenges that such multi-firm audits present, it is important that there be robust standards for how lead auditors supervise, communicate with, and coordinate with other auditors on the audit engagement.” Gensler noted that the updates enhance the standards “across two broad areas. First, the amended standards specify certain procedures for lead auditors to perform when supervising other auditors. Second, they require lead auditors to prioritize their supervisory activities around higher-risk areas in the audit.” PCAOB Chair Erica Williams observed that companies “continue to increase their global presence. As a result, the use of other auditors has become more prevalent in the conduct of an audit, which can create additional challenges for the lead auditor. Adding other auditors into the process requires careful consideration and clear communications between all auditors involved in the audit. And when miscommunication occurs or when there are misunderstandings about the nature, timing, and extent of the other auditor’s procedures, audit quality will likely suffer.” It’s worth noting that some aspects of the new amendments will affect communications with the audit committee. The amendments will be effective for audits of financial statements for fiscal years ending on or after December 15, 2024.
PCAOB member (and former SEC Commissioner) Kara Stein, observed that
“[t]he staff have cleverly developed a mix of both principles and rules to address audit deficiencies and weaknesses that have been observed. The amended standard amplifies the lead auditor’s requirement for planning and supervising the work of audits involving accounting firms and individual accountants (‘other auditors’) by requiring a risk-based supervisory approach. It also dictates certain procedures that lead auditors must perform in order to rely on the work that the other auditors perform, such [as] determining whether the work was performed as instructed and assessing whether additional audit evidence needs to be obtained. I believe that the most significant improvement, however, is the requirement for the lead auditor to understand, assess, and respond to the other auditor’s knowledge, skill, and ability. This includes the other auditor’s knowledge and experience with independence and ethics requirements. In addition, investors are well served by new and enhanced requirements for the lead auditor to determine the sufficiency of its own participation—that means the firm signing the report has performed a meaningful portion of the audit in addition to closely supervising the work of the other auditors.”
As described in the PCAOB release, in these audits, the lead auditor issues the audit report, “but other auditors often perform important work on the audit.” In PCAOB inspections, however, the staff have “observed significant audit deficiencies in the work performed by other auditors, including noncompliance with the lead auditor’s instructions and failure to communicate significant accounting and auditing issues to the lead auditor. Deficiencies have also been identified in other auditors’ compliance with PCAOB standards governing a variety of audit procedures,” often occurring in critical audit areas. In addition, the staff have observed numerous instances “where the lead auditor failed, under existing PCAOB standards, to appropriately determine the sufficiency of its participation in an audit to warrant serving as lead auditor,” or “failed to assess, or adequately assess, the qualifications of other auditors’ personnel who participated in the audit.” The PCAOB believes that application of a “risk-based supervisory approach to the lead auditor’s oversight of other auditors’ work should result in more appropriate involvement by the lead auditor in audits involving other auditors.” In addition, the PCAOB expects that providing additional specificity to the “principles-based supervisory requirements of PCAOB standards to the supervision of other auditors should help address the unique aspects of supervising other auditors.”
The amendments are designed to improve the quality of audits that involve other accounting firms and individual accountants “by increasing the lead auditor’s involvement in and evaluation of the work of other auditors.” The amendments are also intended “to align the applicable requirements with the PCAOB’s risk-based supervisory standards.” As summarized in the release, the amendments “are intended to improve PCAOB standards principally by (i) applying a risk-based supervisory approach to the lead auditor’s oversight of other auditors and (ii) requiring that the lead auditor perform certain procedures when planning and supervising an audit that involves other auditors.” Notably, where an audit involves another auditor “that plays a substantial role in the preparation or furnishing of the lead auditor’s report, the lead auditor may use the work of the other auditor only if the other auditor is registered with the PCAOB.”
The PCAOB expects the amendments to benefit investors and the public by mitigating information asymmetries between investors and the lead auditor and between the lead auditor and other auditors, improving audit quality and increasing “the likelihood that auditors detect material misstatements in the financial statements and material weaknesses in internal controls over financial reporting.” In addition, the PCAOB suggests, audit committee communications may be enhanced and and investors
“may benefit from the amendments indirectly. For example, under existing standards, the auditor is required to communicate to the audit committee its overall audit strategy, significant risks, and results of the audit, including work performed by other auditors, among other things. Because of the lead auditor’s enhanced involvement in the work of other auditors, the quality of communications with audit committees could also be enhanced, specifically as it relates to risks of material misstatements in the financial statements related to the component(s) of the company audited by the other auditor(s). Such enhanced discussions with the audit committee could improve the audit committee’s oversight of the audit by highlighting areas where audit committees and companies should increase attention to ensure the quality of their financial statements, including related disclosures. This increased attention by audit committees and companies could result in higher quality financial reporting, which benefits investors.”
For example, under the amendments to Auditing Standard 1301, in connection with its communications to the audit committee of its overall audit strategy, the auditor is advised to communicate to the audit committee, in “an audit that involves other auditors or referred-to auditors, the basis for the engagement partner’s determination that the participation of his or her firm is sufficient to serve as the lead auditor, if significant parts of the audit are to be performed by other auditors or referred-to auditors.” That communication could serve as a basis for further inquiry and discussion between the auditor and members of the audit committee.
As summarized in the release, the amendments:
- “Require that the engagement partner determine whether his or her firm’s participation in the audit is sufficient for the firm to carry out the responsibilities of a lead auditor and report as such. The amendments also provide considerations for the engagement partner to use in making this determination and require that the audit’s engagement quality reviewer review the determination.
- Require that the lead auditor, when determining the engagement’s compliance with independence and ethics requirements, understand the other auditors’ knowledge of those requirements and experience in applying them. The amendments also require that the lead auditor obtain and review written affirmations regarding the other auditors’ policies and procedures related to those requirements and regarding compliance with the requirements, and a description of certain auditor-client relationships related to independence. In addition, the amendments require the sharing of information about changes in circumstances and the updating of affirmations and descriptions in light of those changes.
- Require that the lead auditor understand the knowledge, skill, and ability of other auditors’ engagement team members who assist the lead auditor with planning and supervision, and obtain a written affirmation from other auditors that their engagement team members possess the knowledge, skill, and ability to perform assigned tasks.
- Require that the lead auditor supervise other auditors under the Board’s standard on audit supervision and inform other auditors about the scope of their work, identified risks of material misstatement, and certain other key matters. The amendments also require that the lead auditor and other auditors communicate about the audit procedures to be performed, and any changes needed to the procedures. In addition, the amendments require the lead auditor to obtain and review written affirmations from other auditors about their performance of work in accordance with the lead auditor’s instructions, and to direct other auditors to provide certain documentation about their work.
- Provide that, in multi-tiered audits, a first other auditor may assist the lead auditor in performing certain required procedures with respect to second other auditors.”
The PCAOB has also adopted a “new standard that applies to those infrequent situations where the lead auditor divides responsibility for a portion of the audit with another audit firm and therefore does not supervise the work performed by that firm. In these situations, the lead auditor refers in the audit report to the work of that auditor (i.e., a referred-to auditor).”
At 185 pages, the release is replete with detail about what will be expected of lead auditors in these circumstances. For example, under the amendments, with respect to “other auditors” involved in the audit, the lead auditor is advised to obtain “an understanding of the knowledge, skill, and ability of the other auditor’s engagement team members who assist the lead auditor with planning or supervision, including their:
- Experience in the industry in which the company operates; and
- Knowledge of the relevant financial reporting framework, PCAOB standards and rules, and SEC rules and regulations, and their experience in applying the standards, rules, and regulations.”
The lead auditor should also obtain a written affirmation from the other auditor that its engagement team members possess the knowledge, skill, and ability to perform their assigned tasks.”
There are also amendments relating to auditor independence and ethics requirements that “build on the existing, overarching responsibility of the auditor to determine compliance with independence and ethics requirements. The amendments are designed to position the lead auditor to identify matters that warrant further attention when determining the other auditor’s compliance with those requirements.” In an audit that involves other auditors, the lead auditor will need to perform procedures to determine each other auditor’s compliance with SEC independence requirements and PCAOB independence and ethics requirements. Those procedures would include, among other things, obtaining an understanding of the other auditor’s knowledge of the SEC and PCAOB independence and ethics requirements and experience in applying them, and obtaining from the other auditor and reviewing three documents:
- a written affirmation “as to whether the other auditor has policies and procedures that provide reasonable assurance that the other auditor maintains compliance with SEC independence requirements and PCAOB independence and ethics requirements, and if it does not, a written description of how the other auditor determines its compliance with the requirements”;
- a “written description of all relationships between the other auditor and the audit client or persons in financial reporting oversight roles at the audit client that may reasonably be thought to bear on independence pursuant to the requirements of paragraph (b)(1) of PCAOB Rule 3526, Communication with Audit Committees Concerning Independence; and
- a “written affirmation as to whether the other auditor is in compliance with SEC independence requirements and PCAOB independence and ethics requirements with respect to the audit client, and, if it is not in compliance, a written description of the nature of the instances of noncompliance.”
Under Rule 3526, auditors are required to communicate to the audit committee, before accepting an initial engagement and annually thereafter, a description, in writing, of “all relationships between the registered public accounting firm or any affiliates of the firm and the audit client or persons in financial reporting oversight roles at the audit client that, as of the date of the communication, may reasonably be thought to bear on independence.” Under the amendments, the lead auditor should obtain that information from the other auditor about its relationships and follow up on any contrary information. According to the release, the requirement “is designed to assist the lead auditor in obtaining information for determining compliance with SEC and PCAOB independence requirements and to facilitate auditor communications to the audit committee under Rule 3526.” Under that rule, the PCAOB “expects the primary auditor’s report to either include any covered relationships of any secondary auditors not affiliated with the firm or state that it does not do so.” The release states that the amendments do not change the applicability of Rule 3526 to the lead auditor’s representation, including with respect to unaffiliated firms.
In this June statement, Acting Chief Accountant Paul Munter addressed auditor independence—a topic of significant and recurring concern at the Office of Chief Accountant. The SEC, he observed, “has long-recognized that audits by professional, objective, and skilled accountants that are independent of their audit clients contribute to both investor protection and investor confidence in the financial statements.” Munter appeared to be especially concerned about the “decreased vigilance” and “ethical deterioration” that may arise out of “checklist compliance mentality.” The general independence standard of Rule 2-01(b), he observed, is at the heart of the auditor independence rule and employs a reasonable investor standard to assess whether the accountant is “capable of exercising objective and impartial judgment of all issues encompassed within the accountant’s engagement.” Under this standard, the SEC must take into account all relevant circumstances and relationships between the accountant and the audit client, beyond just reports filed with the SEC. The rule also provides a framework with four general guidelines for evaluating independence: auditor independence would be impaired if the circumstances or relationships “create a mutual or conflicting interest between the accountant and the audit client; place the accountant[s] in the position of auditing their own work; result in the accountant acting as management or an employee of the audit client; or place the accountant in a position of being an advocate for the audit client.” Munter has previously cautioned that it would require crossing a “high hurdle” to conclude that the accountant ”could remain objective and impartial when an auditor has provided services in any of the periods included in the filing that is contrary to any one of these guiding principles.”
Paragraph (c) of the rule provides a very long, but non-exclusive, list of examples reflecting the application of the general standard to particular circumstances where an accountant would not be considered independent. But, even in this context, Munter stressed, it is important not to lose sight of the general independence standard: independence can still be impaired even if a set of circumstances is not identified on the prohibited list of paragraph (c). Importantly, a determination of independence is not a “checklist compliance exercise under Rule 2-01(c)”; it also requires a more nuanced analysis under the general independence standard. It is important for companies to keep in mind that violations of the auditor independence rules can have serious consequences not only for the audit firm, but also for the audit client. For example, an independence violation may cause the auditor to withdraw the firm’s audit report, requiring the audit client to have a re-audit by another audit firm. As a result, in most cases, inquiry into the topic of auditor independence should certainly be a recurring menu item on the audit committee’s plate. (See this PubCo post.)