Last year, the Public Company Accounting Oversight Board issued a proposal to increase auditor vigilance against fraud and other forms of noncompliance with laws and regulations, known more commonly as NOCLAR.
The proposal, if adopted, would drastically change the scope of an audit for public firms, expanding the responsibility of auditors and the information CFOs and controllers would need to share, says Allison Henry, vice president of professional and technical standards at the Pennsylvania Institute of Certified Public Accountants in Philadelphia.
Henry shares how auditors and finance leaders can prepare if this proposal is approved by the Securities and Exchange Commission.
Can you summarize the PCAOB’s NOCLAR proposal and what it means for auditors?
The PCAOB’s NOCLAR proposal would fundamentally change the nature and scope of the audit by proposing to change the auditor’s responsibility for identifying noncompliance with laws and regulations.
Currently an auditor is required to identify NOCLAR that have a direct and material effect on the financial statements, such as tax and pension laws and regulations. Under the proposal, this would be greatly expanded to include those having an indirect impact on the financial statements, including operational compliance under EPA, OSHA, FDIC, FDA, FCPA, AML, privacy laws, tax laws and consumer protection laws.
Public audits are already a tedious process. If passed, how do you think this proposal will affect that process?
This would result in a significant expansion of the role of the auditor in an organization. The proposal would require the auditor to:
- Identify all the laws and regulations to which a company is subject.
- Assess and respond to risk of material misstatement due to noncompliance
- Identify whether there are instances of NOCLAR that have or may have occurred;
- Evaluate and communicate identified instances of NOCLAR that have or may have occurred.
They would need to deploy teams of attorneys as well as regulatory and compliance experts to perform the operational compliance audits. I think that the scope of the audit could present independence issues for the auditors. This would require additional internal company resources to address all of the teams of auditors. This could be a distraction for management away from operations.
The talent shortage is already evident in virtually every industry. If this is approved, how will the increased level of liability affect an already depleted auditing and accounting workforce?
The level of increase in auditors’ liability is a huge unknown. Auditors will be liable for exponentially more than they ever have before, but to what extent is to be determined.
It could also give auditors an incentive to leave the profession. This is such a radical change to the audit that accounting and finance professionals could decide to pursue other opportunities. Recruiting qualified talent could also be an extreme challenge.
There could also be a potential increase in the legal liability for companies that have to share sensitive information regarding potential legal and regulatory situations with auditors, which could ultimately nullify the attorney client privilege.
Regarding legal liability, auditors would have to identify all the laws and regulations to which a company is subject and identify whether there are instances of NOCLAR that have or may have occurred. This scope is so extreme it is unclear whether liability coverage would be available. If not, it could be a main deterrent, driving future auditors away from the profession.
The PCAOB’s proposal mentioned an expected increase in cost for audit firms. How and why is that the case?
In the U.S. Chamber of Commerce’s August 2, 2023, response to the PCAOB, they projected an increase of $36 billion over a baseline of $18.2 billion just for audit fees.
Firms will need to reformulate the audit methodologies, hire attorneys, forensic accountants and other specialists. They’ll have to develop new training materials, retrain staff, partners and managers, review quality control policies and procedures, expand the scope of quality review and peer review efforts and even change the college curriculum and CPA exam. This could take decades to accomplish.
Smaller firms may not be able to make the changes needed to perform this work, which could lead to the shuttering of smaller businesses and the consolidation and concentration of audits at larger firms.
Added costs would include the need to hire teams to monitor the ongoing regulatory compliance and legal environment and would involve continuous training. This is constantly evolving and has a long lag time. Ongoing variable costs to capture the deployment of new teams of auditors will be forced to go beyond the financial statement to focus on operational elements.
Is there an alternative that could be proposed to improve audit quality without increasing or expanding the scope of the existing duties of auditors?
If our goal is to improve the audit process, making auditors’ jobs harder is not the answer. We should be thinking about ways to improve in the areas of collaboration and transparency for which new and emerging technology can help.
Auditors are beginning to ramp up their use of technology on audits with data analytics, robotic process automation and new AI tools. I believe that this is the best way forward to improving audit quality.
