I. Introduction
On September 15, 2010, the Public Company Accounting Oversight Board (the “Board” or the “PCAOB”) filed with the Securities and Exchange Commission (the “Commission”) a notice (the “Notice”) of proposed rules (File No. PCAOB 2010-01) on Auditing Standards Related to the Auditor's Assessment of and Response to Risk and Related Amendments to PCAOB Standards. Those eight auditing standards (hereinafter referred to as “Risk Assessment Standards”), which will supersede six of the Board's interim auditing standards, are:
- Auditing Standard (“AS”) No. 8, Audit Risk;
- AS No. 9, Audit Planning;
- AS No. 10, Supervision of the Audit Engagement;
- AS No. 11, Consideration of Materiality in Planning and Performing an Audit;
- AS No. 12, Identifying and Assessing Risks of Material Misstatement;
- AS No. 13, The Auditor's Responses to the Risks of Material Misstatement;
- AS No. 14, Evaluating Audit Results; and
- AS No. 15, Audit Evidence.
Notice of the proposed rules was published in the Federal Register on September 27, 2010. The Commission received two comment letters relating to the proposed rules. For the reasons discussed below, the Commission is granting approval of the proposed rules. As specified by the Board, the rules are effective for audits of fiscal years beginning on or after December 15, 2010.
See Release No. 34-62919 (September 15, 2010) [75 FR 59332 (September 27, 2010)]. The notice included a 21-day comment period. The comment period closed on October 18, 2010.
II. Description
The Board adopted eight auditing standards and related amendments that are designed to benefit investors by establishing requirements that enhance the effectiveness of the auditor's assessment of and response to the risks of material misstatement in an audit. Assessing and responding to risks underlies the entire audit process. The risk assessment standards that the PCAOB is replacing were part of the Board's interim standards and were in large part written twenty to thirty years ago. In adopting the new Risk Assessment Standards, the Board intended to build upon and improve the risk framework that was already established by the interim standards, rather than replacing that framework altogether.
Changes that the Board made to the interim standards reflect: Improvements that the PCAOB has observed in the audit methodologies of many registered firms; recommendations from academia; recommendations from the Board's Standing Advisory Group (“SAG”) and other groups; the adoption of AS No. 5, An Audit of Internal Control Over Financial Reporting That is Integrated with an Audit of Financial Statements; improvements made to similar risk assessment standards by other standard setters (e.g., the International Auditing and Assurance Standards Board (“IAASB”) and the Auditing Standards Board (“ASB”) of the American Institute of Certified Public Accountants); and observations from the Board's oversight activities.
Key changes made to the standards include an increased emphasis on fraud risks, an increased emphasis on disclosures, inclusion of multi-location audit requirements, an alignment of the standards with AS No. 5, and inclusion of a concept of materiality more specifically grounded to that used in the Federal securities laws.
III. Discussion
The Commission received two comment letters: One from Deloitte & Touche, LLP (“Deloitte”) and one from the Center for Capital Markets Competitiveness of the U.S. Chamber of Commerce (“CMCC”). Deloitte supported approval of the standards, while expressing certain concerns largely of a more general nature regarding the PCAOB's approach to standard-setting. The CMCC believed that the Risk Assessment Standards should not be approved, but rather sent back to the PCAOB in order for the PCAOB to address certain concerns, most of which also related to the PCAOB's overall approach to standard-setting as opposed to the particular standards at issue.
Integration of Fraud Risk Standard Into the Risk Assessment Standards
One of the significant changes to the Risk Assessment Standards was the incorporation of aspects of AU sec. 316, Consideration of Fraud in a Financial Statement Audit, into the Risk Assessment Standards. In explaining why the PCAOB incorporated portions of the fraud standard into the Risk Assessment Standards, it stated that:
Incorporating these requirements makes clear that the auditor's responsibilities for assessing and responding to fraud risks are an integral part of the audit process rather than a separate, parallel process. It also benefits investors by prompting auditors to make a more thoughtful and thorough assessment of fraud risks and to develop appropriate audit responses.
PCAOB Release No. 2010-004, August 5, 2010, p. 3.
The CCMC did not agree with the level of integration. The CCMC made a similar comment during the PCAOB's due process stage, which the Board addressed in its adopting release. This comment largely relates to a disagreement as to the manner in which the standards are constructed, as compared to the performance required of auditors. The Commission believes that the PCAOB has given due consideration to the comments received about this matter.
Effective Date
The effective date of the standards will be for audits of fiscal years beginning on or after December 15, 2010. The CMCC expressed concern about the effective date, stating that the effective date “would not allow adequate time for audit firms to revise their audit methodologies and train their audit staffs around the world for audits in 2011.” In response to similar concerns raised in its comment letter process, including from the CCMC, the PCAOB stated in its release that the underlying concepts of risk-based auditing have not changed, and therefore, while there are many incremental requirements in the updated standards, these standards should not require wholesale changes to audit methodologies. Any delay in the effective date of these standards would likely delay the implementation for most issuers for at least one year (e.g., the standards would not be applicable generally until calendar year 2012 audits related to audit reports to be issued in 2013).
PCAOB Release No. 2010-004, August 5, 2010, p. 8.
After considering the nature of the changes in the Risk Assessment Standards, the timing of Commission approval, and the fact that the standards will not be applicable to audits for which audit reports will be issued in 2011 (i.e., the first audit reports issued for which audits would be required to be conducted using the new standards would not be issued until 2012) we believe the PCAOB's approach for implementation is not unreasonable.
PCAOB Standard-Setting Process
Both commenters noted various concerns about the PCAOB's standard-setting process. The concerns identified included divergence from other standard-setters, what the commenters viewed as a “prescriptive” nature of the standards, the lack of a codification of PCAOB standards, the usefulness of the appendix that compares the PCAOB proposed standard to the similar standards of other standard-setters, and the use of certain terms in the standards. These comments all relate more to the PCAOB's overall approach to standard-setting than particular concerns with respect to the individual Risk Assessment Standards.
All of these comments are similar to those received by the PCAOB during its standard-setting process, which the Board addressed. For example with respect to divergence from other standard-setters, the Board noted the following:
In previous releases on its proposed risk assessment standards, the Board has stated that it has sought to eliminate unnecessary differences with the risk assessment standards and those of other standards-setters. However, because the Board's standards must be consistent with the Board's statutory mandate, differences will continue to exist between the Board's standards and the standards of the IAASB and ASB, e.g., when the Board decides to retain an existing requirement in PCAOB standards that is not included in IAASB or ASB standards. Also, certain differences are often necessary for the Board's standards to be consistent with relevant provisions of the federal securities laws or other existing standards or rules of the Board.
See PCAOB Release No. 2010-004, August 5, 2010, pp. A10-91—A10-92 (internal footnotes omitted).
The Board also noted that it “continually endeavors to improve its processes” and explained other initiatives it uses in both gaining input on its standard-setting activities (e.g., through its SAG and by releasing multiple exposure documents) and providing additional transparency of its standards-setting process (e.g., through posting its standards-setting agenda and enhanced discussions in its releases on the Board's conclusions). The Commission notes and encourages the Board's efforts to consider standards issued by the IAASB and the ASB, and appreciates the reasons why it is reasonable to expect that the Board's standards may appropriately differ from such standards. The Commission and its staff will continue to provide oversight of the Board and its staff's ongoing endeavor to improve its processes.
Regarding the “prescriptive” nature of the standards, we recognize that there should be an appropriate balance in auditing standards between providing necessary minimum requirements and allowing auditors to apply judgment in determining the nature and extent of audit procedures given the particular circumstances of an individual engagement. PCAOB standards recognize that the auditor uses judgment in planning and performing audit procedures and evaluating the evidence obtained from those procedures. We recognize, however, that overly broad standards without an appropriate balance of necessary requirements could lead to a level of discretion in the nature and extent of audit procedures that may limit the effectiveness of audits. The Commission believes the PCAOB's approach in the Risk Assessment Standards is not unreasonable and encourages the PCAOB to monitor implementation and evaluate the input received during the development of future standards to continue to strive to achieve an optimal balance.
Regarding a codification of the auditing standards, the Commission notes that the Board has recently added this project to its strategic plan and amended its performance measure on standard-setting activities to reflect this new initiative.
IV. Conclusion
On the basis of the foregoing, the Commission finds that the proposed PCAOB Rules on Auditing Standards Related to the Auditor's Assessment of and Response to Risk and Related Amendments to PCAOB Standards (File No. PCAOB-2010-01) are consistent with the requirements of the Sarbanes-Oxley Act of 2002, as amended (the “Act”) and the securities laws and are necessary or appropriate in the public interest or for the protection of investors.
It is therefore ordered, pursuant to Section 107 of the Act and Section 19(b)(2) of the Securities Exchange Act of 1934, that the proposed PCAOB Rules on Auditing Standards Related to the Auditor's Assessment of and Response to Risk and Related Amendments to PCAOB Standards (File No. PCAOB-2010-01) be and hereby are approved.
By the Commission.
Elizabeth M. Murphy,
Secretary.
[FR Doc. 2010-32885 Filed 12-29-10; 8:45 am]
BILLING CODE 8011-01-P