The Public Company Accounting Oversight Board intends to update some of its older auditing standards, some of which it inherited two decades ago from the American Institute of CPAs after passage of the Sarbanes-Oxley Act of 2002, and not a moment too soon.
Last month, the PCAOB proposed a draft five-year strategic plan under its mostly new set of board members who have been prodded by Securities and Exchange Commission chair Gary Gensler to move more quickly on updating the antiquated standards (see story).
“When it comes to modernizing our standards, earlier this year, the board announced one of the most ambitious standard-setting agendas in the PCAOB’s history,” PCAOB chair Erica Williams said during a meeting in announcing the plan. “Now, halfway through the first year of this new board, we are already working to update more than 25 standards within eight standard-setting projects.”
The five short-term projects on the current agenda include quality control, noncompliance with laws and regulations, attestation standards, going concern and confirmations, with proposals that are supposed to come out before the end of this year. So far, only a standard on the use of other auditors has been finalized and approved by the SEC. On the midterm agenda are upcoming projects on substantive analytical procedures, fraud, and interim ethics and independence standards. The PCAOB is also working on research projects on auditing data and technology as well as audit evidence.
The confirmation standard, AS 2310, is one that’s badly in need of updating given all the technology changes over the years.
“When those standards were released on the confirmation front, the primary confirmations were being facilitated through the mail,” said Adam Hallemeyer, a partner and deputy chief auditor at RSM US in San Diego. “It’s a very different environment today. The PCAOB is looking at the business environment, the adoption and expansion of technology and how it’s used in an audit, looking for opportunities to enhance these standards, revise them, update them to keep pace with how the the audit is being conducted in the current environment.”
Auditing software keeps evolving, and more firms are using technology like data analytics, artificial intelligence and robotic process automation to speed the process and examine more transactions.
“Robotic process automation is a great example where there’s some frustration about being slow to figure that out, but it’s not inherent to the transaction itself,” said Jay Schulman, a principal with RSM US and national leader of the blockchain and digital assets practice. “It’s really going back to how we deal with a robot that’s doing all these tasks, when we used to look at it as a human that was doing all these tasks or controlling the system. Here I think the difference is replacing robotic process automation with robotic financial automation and you all of a sudden bring in valuation and impairment and all of these other financial issues that generally would never even show up.”
The PCAOB has been working over the years on developing audit quality indicators as well and the quality control project is on the agenda.
“When I think about the quality control standards, this is a topic that is foundational to the profession and CPA firms,” said Hallemeyer. “The same topic is being evaluated internationally, and that’s one that the profession is following closely. From a global firm perspective, we have operations across the globe and we’re trying to understand how quality control influences all of the various firms that participate in an audit. The quality control standard is one that is exciting to follow and I’m curious to see where the PCAOB lands from that perspective.”
The uncertainty in today’s economy about whether the U.S. is currently in a recession or may be heading into one next year could prompt more interest in updating the old going concern standard.
“I think going concern is likely on the list because it is one of those interim standards that the PCAOB inherited from the AICPA,” said Hallemeyer. “In any year, going concern is a relevant topic in an evaluation that auditors go through. As the economy ebbs and flows, you typically see more or fewer going concern opinions just depending on how clients’ operations and their business transactions unfold. When I look at their standard-setting agenda, I don’t read into it the need to have going concern on their standard-setting agenda because of any of the headlines or the discussions around whether or not we are in a recession. I just think this is something that is obviously of importance to investors. It’s an important indicator that when relevant and necessary, it does end up in the auditor’s report. This is another area where the PCAOB’s initial goal was to embrace the interim standards that were in place when the PCAOB was created, but then follow suit with their own.”
The NOCLAR project, according to the PCAOB agenda, is supposed to consider changes in auditors’ consideration of possible noncompliance with laws and regulations, including how illegal acts by clients should be revised to integrate a scalable, risk based approach.”
“That probably falls into a similar category as the going concern standard,” said Hallemeyer. “It’s one that was adopted through the interim standards, and the PCAOB has a goal and a mission of going through and revising those standards that they’ve adopted from the standards in place when the PCAOB was created. The requirement as it relates to noncompliance with laws and regulations is something that maybe over the last couple of years has gotten a lot of attention, when you think about some of the headline frauds that have occurred, whether or not those were situations that the auditors should have identified is an interesting question. The standard lists a number of specific considerations and thresholds, and provides auditors with guidance as to the responsibilities related to laws and compliance and makes it very clear that audit firms and CPAs are not attorneys, so going through this evaluation helps us understand the risk to the financial statements and then identify where there are potential occurrences of noncompliance with laws and regulations.”
One item on the midterm agenda involves considering changes to an auditor’s use of substantive analytical procedures to better align with the auditor’s risk assessment and to address the increasing use of technology tools in performing these procedures,
“Currently audits use a lot of analytical procedures,” said Hallemeyer. “Think about when that standard was first rolled out. The primary tool that auditors used to perform these analytics was Excel. Excel still is a very loved tool within the audit profession, but there are plenty of other tools now that make it very helpful, useful and effective to perform analytics that go well beyond the capabilities of Excel.”
He doubts the existing standard is holding up firms from adopting new auditing technology.
“When I think about the advancement in tools and technology that are used during the course of an audit and where those have had a very meaningful impact on the procedures that we performed, substantive analytics comes to mind,” said Hallemeyer. “I think there is a great opportunity for the profession to continue to leverage these tools, expand and embrace more or different types of analytics, feeding off of different data sets or different information that our clients that maybe in the past we wouldn’t have had the opportunity to, but this new technology allows us to pull it into a more useful fashion and gain deeper insights into the client base off of this data that this technology has enabled us to feed into the audit.”
The PCAOB is doing a research project on data and technology, which will probably need to deal with auditing digital assets such as cryptocurrency. The AICPA issued guidance this year on digital assets, and the Financial Accounting Standards Board recently decided to take on a digital assets standard project that will focus on cryptocurrency after hearing demands to improve on the AICPA’s guidance (see story).
“One of the first tasks many years ago was what is Bitcoin, and we came up with intangible,” said Schulman, who sits on the AICPA working group for the auditing and accounting of digital assets. “People tend to disagree with that, but we weren’t allowed to change the framework, so that’s where it falls. But as we walked through all of the different things that Bitcoin could be, we realized that when you change one thing, there’s a hundred downstream effects that follow when you do that. The downstream issue of an intangible is the lower cost to market. That’s the issue in front of the FASB today. It’s a mistake to think about it as one thing that’s going to solve this, or is in most need of being fixed. Three or four years ago, the thought was that this is going to fit. I think we’re coming to the conclusion that there are potentially going to need to be some changes to accommodate digital assets or all of the different kinds of technological innovations that are being built around blockchain. That can be on the accounting side, or it could be on the audit side. I wouldn’t be surprised if the agendas of all the standard-setters continue to have these items on there for a long time to come.”