Share via

The mark of quality is continuous improvement. The Public Company Accounting Oversight Board (US PCAOB) has proposed to strengthen the auditing requirements with respect to identifying, evaluating, and communicating noncompliance with laws and regulations, dramatically increasing the scope and extent of an auditor’s responsibility.

To achieve this objective, the PCAOB issued a Proposal for public comment, laying out the proposed new AS 2405 and amendments to other standards. PCAOB chair Erica Williams while explaining the proposal commented that, legal violations “can have devastating consequences for investors” and that “we have seen far too many examples of investors getting hurt due to noncompliance with laws and regulations.”

The following table illustrates the scope and coverage of the existing standard and the proposed standard:

Standard	Scope	Coverage
Existing	Narrow	Auditors to detect and report violations of laws and regulations that impact the financial statement content and presentation or tax liabilities. They must detect and report the misstatements arising from illegal acts that have a direct material impact on the financial statements.
Proposed	Broad	Auditors will need to: –        Plan and perform procedures to identify noncompliance with laws and regulations which could reasonably have a material effect on the financial statements. –        Evaluate and respond to the risks of material misstatement of the financial statement due to noncompliance with laws and regulations. –        Identify if there is information indicating that the noncompliance has or may have occurred.

A simple reading of the proposed standard will bring to notice that complete adherence to the standard is rather challenging. While the idea of strengthening the current AS 2405 is reasonable, the coverage of the proposed AS 2405 is extensive as the words used signify that all noncompliance, whether having an impact on financial statements or not, must be evaluated and communicated.

Noncompliance to laws and regulations, including fraud, is impermissible and unacceptable as the consequences hurt the investors. To comply with the proposed and maybe subsequently adopted AS 2405, the following steps have been suggested in the proposal by PCAOB:

To identify noncompliance, an auditor must first enhance risk assessment procedures by including more specific requirements with regard to:

• Understanding the company, its business, and its regulatory environment.
• Chalk out the laws and regulations relevant to the company; noncompliance of which can have a material impact on the financial statements.
• Learn the existing management approach to prevent, identify, investigate, evaluate, communicate, and remediate instances of noncompliance with laws and regulations.
• Management’s approach to responding to complaints from internal or external parties of noncompliance with laws and regulations. This includes responses to specialist reports and any regulatory reports.
• Understand how management evaluates potential accounting and disclosure implications of noncompliance with laws and regulations, including fraud.
• Interact with various stakeholders to understand and assess how robust the current mechanism is.

To evaluate the information that the auditor discovers during an audit, a thorough understanding must be obtained, and the likeliness of noncompliance must be established. The auditor must then assess the impact of the noncompliance on the financial statements and communicate the matter to management and the audit committee as soon as possible.

KNAV’s direction to the adoption of the proposed standard

• A proactive approach by auditors to understand the extent of the proposed standard and its application.
• A thorough understanding of all laws and regulations applicable to the company.
• Determine the laws and regulations relevant to the company and their impact on financial statements.
• Measure the risk of noncompliance to laws and regulations and assign a risk score.
• Understand the internal controls in place to ensure compliance with all laws and regulations.
• Test the controls in place based on the risk score. Suggest controls if current controls are inadequate.
• Elaborate the risk assessment procedures to include more specific requirements.
• Seek information regarding noncompliance to laws and regulations by obtaining recent regulatory reports and understanding the circumstances around it.
• Understand management’s response to such noncompliance and remedial actions in place. Also, understand the controls put in place to ensure no reoccurrence of noncompliance in the future.
• For laws that the auditor has no expertise on, specialist reports must be obtained after establishing the specialist’s credibility. For example, a report on environmental hazards caused by a manufacturing unit will require a specialist report which the auditor may rely on.
• Identify, evaluate, and communicate any noncompliance to laws and regulations that come to the surface during the course of an audit.
• Periodic review to ensure the internal controls are robust and the risk of noncompliance to laws and regulations is mitigated.

Strengthening standards ensures better quality audits, and the PCAOB is relentlessly working towards it. Application of some standards may be challenging; however, by keeping investor welfare at the heart of the issue, auditors will need to adapt and be more vigilant.