PCAOB Rules to Require Reporting of Critical Audit Matters and Enhanced Details in Public Company Audit Reports

by Cadwalader, Wickersham & Taft LLP
Contact

Cadwalader, Wickersham & Taft LLP

Auditors of public companies will be required to move beyond a simple “pass or fail” opinion and include significant new information in audit reports under rules proposed this year by the Public Company Accounting Oversight Board (the “PCAOB”)1 and recently approved by the Securities and Exchange Commission (the “SEC”).2 The adoption of Auditing Standard No. 3101, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion,3 and other related rules updates were the culmination of a six-year effort that represents the most substantial change to auditor reporting requirements since the 1940s, and brings U.S. auditing standards in line with similar standards adopted (i) by the International Auditing and Assurance Standards Board (“IAASB”),4 (ii) in the European Union,5 and (iii) in the United Kingdom.6 The changes, designed by the PCAOB to make audit reports and financial statements more meaningful to investors and the capital markets, are likely to seriously alter the determination among auditors, audit committees, and management about whether and how significant audit issues are identified and addressed, and how such issues will impact a company’s public disclosure obligations.

A.         Communication of Critical Audit Matters

The most significant impact of the new rules on public companies7 is the requirement that auditors identify and communicate critical audit matters (“CAMs”) within their audit report. The new rules do not supply a list of categories or types of CAMs, but instead provides a subjective, auditor-defined standard of “any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that (1) relates to accounts or disclosures that are material to the financial statements; and (2) involved especially challenging, subjective, or complex auditor judgment.”

In determining whether an audit issue “involved especially challenging, subjective, or complex auditor judgment,” the rules point auditors to several factors, including:

  • the auditor’s assessment of the risks of material misstatement, including significant risks;
  • the degree of auditor judgment related to areas in the financial statements that involved the application of significant judgment or estimation by management, including estimates with significant measurement uncertainty;
  • the nature and timing of significant unusual transactions and the extent of audit effort and judgment related to these transactions;
  • the degree of auditor subjectivity in applying audit procedures to address the matter or in evaluating the results of those procedures;
  • the nature and extent of audit effort required to address the matter, including the extent of specialized skill or knowledge needed or the nature of consultations outside the engagement team regarding the matter; and
  • the nature of audit evidence obtained regarding the matter.

For every matter arising from a financial audit that (a) was communicated or required to be communicated to the audit committee, and (b) relates to accounts or disclosures that are material to the financial statements, the auditor must document whether or not the matter was determined to be a CAM, and the basis for such determination. Such documentation must be in sufficient detail such that an experienced auditor, with no previous connection with the engagement, could understand the determinations made.8

If an auditor identifies a matter as a CAM, the auditor must include the CAM in the audit report, describe the principal considerations that led the auditor to determine that the matter is a CAM, describe how the CAM was addressed in the audit, and reference the relevant financial statements or disclosures. Alternately, if an auditor determines during the course of an audit that there are no CAMs, the audit report must contain a statement to that effect.

The new CAMs requirement is, according to SEC Chairman Jay Clayton, a response to investor requests for more specific information about how auditors reach their opinions, and is designed to provide the public with the auditor’s perspective on material audit matters discussed with the audit committee.9 The new rules for communication of CAMs go into effect for audits of “large accelerated filers” for fiscal years ending on or after June 30, 2019, and for all other issuers for fiscal years ending on or after December 15, 2020.

B.         Other Audit Report Enhancements

In addition, the new rules impose a number of enhancements designed to make audit reports more reliable and user-friendly, including:

  • Communication and Basis of Audit Opinion. The auditor’s unqualified opinion (which will retain the existing “pass or fail” determination), along with the basis for that opinion, will appear toward the top of the audit report in the first and second sections, respectively.
  • Disclosure of Auditor Tenure and Independence Statement. The audit report must include statements by the auditor disclosing the year in which it began serving consecutively as the issuer’s auditor, and acknowledging the requirement that the auditor maintain its independence.
  • Formatting of Audit Report. Section titles will be clearer and standardized, and certain language describing the auditor’s responsibility to obtain reasonable assurance that financial statements are free of material misstatements will be simplified. The final audit report must be addressed to the company’s shareholders and board of directors (or equivalents).

These audit report enhancements will go into effect for all audits of fiscal years ending on or after December 15, 2017.

C.         Industry Comments and Pushback

The PCAOB’s efforts in support of these new auditing standards stretched over six years and generated over fifty comments from investors, public companies, and accounting industry insiders, many of whom advocated against their adoption. The most vigorous arguments raised questions concerning the usefulness of including CAMs in audit reports, and whether the added cost and complexity would result in any added value to users of financial statements or simply would be duplicative of, or in conflict with, management disclosures. Commenters also raised concerns about including subjective auditor positions on CAMs in an audit statement, and the conflict that could result among auditors, audit committees, and management regarding how CAMs were identified and communicated. There were also concerns about whether communications about CAMs could run afoul of accounting industry standards regarding confidential client information, and whether these communications could be the subject of frivolous civil litigation.

D.         Conclusion

Despite concerns raised by industry commenters, the SEC’s unanimous approval of the new rules indicates an inclination by the current leadership to respond to longstanding calls for greater transparency around the audits of public companies, and an alignment with similar audit standards outside the United States. However, Chair Clayton addressed many of these concerns by asserting in comments that the PCAOB and the SEC would continue to monitor the results of implementation, conduct an analysis under the PCAOB’s Post-Implementation Review process, and be open to making future changes if the rules resulted in unintended consequences – all hallmarks of what he characterized as “high-quality regulatory decision-making.” Meanwhile, in the time leading up to the effective date, audit firms should prepare for how they intend to work with clients that are subject to the new rules on identifying, discussing, and communicating CAMs. And since the new rules do not include any templates or examples of what a CAM description should look like, there will be a learning curve as to how much detail should be provided to satisfy these new rules in the eyes of the PCAOB.

1   See PCAOB Release No. 2017-001, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion and Related Amendments to PCAOB Standards (June 1, 2017), available at https://pcaobus.org/Rulemaking/Docket034/2017-001-auditors-report-final-rule.pdf.

2   See SEC Release No. 34-81916, Public Company Accounting Oversight Board; Order Granting Approval of Proposed Rules on the Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion, and Departures from Unqualified Opinions and Other Reporting Circumstances, and Related Amendments to Auditing Standards (Oct. 23, 2017), available at https://www.sec.gov/rules/pcaob/2017/34-81916.pdf.

3   Auditing Standard No. 3101 applies to written audit reports in which the auditor expresses an “unqualified” opinion on the financial statements – i.e., a conclusion that the financial statements, taken as a whole, are presented fairly, in all material respects, in conformity with the applicable financial reporting framework.

4   In September 2014, the IAASB adopted new Auditor Reporting Standards which became effective in December 2016. See International Standard on Auditing 701, Communicating Key Audit Matters in the Independent Auditor’s Report, available at https://www.ifac.org/publications-resources/reporting-audited-financial-statements-new-and-revised-auditor-reporting-stan#node-32595.

5   In April 2014, the EU adopted legislation expanding reporting requirements for statutory auditors that were to be adopted by member states no later than June 2016. See Article 10, Audit Report, of Regulation (EU) No 537/2014 of the European Parliament and of the Council (Apr. 16, 2014), available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32014R0537.

6   In April 2016, the UK’s Financial Reporting Council incorporated the EU and IAASB requirements relating to key audit matters. See International Standard on Auditing (UK) 701, Communicating Key Audit Matters in the Independent Auditor’s Report (June 2016), available at https://www.frc.org.uk/getattachment/b250cf61-407f-4b1e-9f1c-e959174e1426/ISA-(UK)-701_final.pdf.

7   The requirement to communicate CAMs in an audit report does not apply to: (non-issuer) broker-dealers reporting under Rule 17a-5 of the Securities Exchange Act of 1934 (the “Exchange Act”); investment companies (other than business development companies); emerging growth companies as defined by Section 3(a)(80) of the Exchange Act; or employee stock purchase, savings, or similar plans. However, auditors may elect to voluntarily include CAMs in audit reports of such entities.

8   See Auditing Standard No. 1215, Audit Documentation, available at https://pcaobus.org/Standards/Auditing/Pages/AS1215.aspx.

9   See SEC Chairman Jay Clayton Public Statement, Statement on SEC Approval of the PCAOB’s New Auditor’s Reporting Standard (Oct. 23, 2017), available at https://www.sec.gov/news/public-statement/clayton-statement-pcaob-new-auditor-reporting-standard.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cadwalader, Wickersham & Taft LLP | Attorney Advertising

Written by:

Cadwalader, Wickersham & Taft LLP
Contact
more
less

Cadwalader, Wickersham & Taft LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.