At its open meeting on August 13, 2013, the Public Company Accounting Oversight Board (“PCAOB”) proposed two new auditing standards that would significantly affect the role auditors play in providing information about public companies to investors and other users of financial statements. The two new proposed auditing standards are:
- The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion (the “proposed auditor reporting standard”),[1] which would modify the content and format of the existing auditor’s report. In particular, the proposal would require the auditor to provide new information with respect to both “critical audit matters” and its evaluation of “other information”;[2] and
- The Auditor’s Responsibilities Regarding Other Information in Certain Documents Containing Audited Financial Statements and the Related Auditor’s Report (the “proposed other information standard”), which sets out the auditor’s responsibilities with respect to a review and evaluation of “other information.”[3]
The proposed standards are designed to provide investors and other financial statement users with more information about the audit, the auditor and the auditor’s responsibilities for other information contained in documents that include (or incorporate by reference) audited financial statements and the related auditor’s report. The PCAOB also proposed amendments to existing auditing standards to conform them to the proposed standards.[4] The 120-day comment period for the proposed auditing standards ends December 11, 2013.
We believe both proposed auditing standards will draw significant comment. With respect to the proposed other information standard, we expect comments will principally focus on the incremental liability associated with addressing the auditor’s work in that regard to investors and other users of financial statements in the auditor’s report. With respect to the proposed auditor reporting standard, we expect the principal focus will be on the value of the additional information to investors. Comments may also address whether the proposed standards would negatively impact the relationship and communications between the auditor and management or the auditor and the audit committee.
Background
The proposed standards represent the culmination of extensive consideration and outreach activities conducted by the PCAOB over the last several years. In the Proposing Release, the PCAOB noted its statutory mandate under the Sarbanes-Oxley Act to “protect the interests of investors and further the public interest in the preparation of informative, accurate and independent auditor’s reports.”[5] In June 2011, the PCAOB issued a concept release seeking public comment on potential changes to the auditor’s reporting model,[6] and in September 2011 held a roundtable about the auditor’s reporting model.
Over the course of this process, the PCAOB concluded that changing the auditor’s report had the potential to improve the value of the report and to enhance the relevance of the auditor’s reporting model. The Concept Release suggested several ways the report might be changed. The suggested alternatives were (1) a supplemental narrative report, described as an “auditor’s discussion and analysis” (“AD&A”), (2) expanded use of emphasis paragraphs, (3) auditor assurance on other information outside the financial statements, and (4) clarification of certain aspects of the standard auditor’s report. While commenters largely agreed the existing auditor’s report provided little informational value about any specific audit beyond the “pass/fail” conclusion as to whether, in the auditor’s view, the financial statements are fairly presented, and generally supported the effort to update and enhance auditor reporting standards, there were widely divergent views about the nature and extent of the changes that should be made.[7] Investors, in particular, indicated they would benefit from having access to the insights obtained by the auditor during the audit. Financial statement preparers, however, were generally of the view that there was little need for changes to the substantive content of the report and that auditors should not be providing, as opposed to auditing, financial information. Auditors supported certain changes but indicated that expanded reporting should be objective and factual, noting that any changes would likely require additional effort, thereby increasing audit costs, and carried significant potential for increased auditor liability.
The Proposing Release suggests the proposed standards are designed to achieve a balance between what investors are seeking and what issuers and auditors are prepared to provide, and notes the PCAOB’s belief that the proposed standards “provide many of the benefits described in the [Concept Release] regarding an AD&A, required and expanded emphasis paragraphs, and auditor assurance on information outside the financial statements … [and] should eliminate or reduce some of the challenges mentioned by commenters….”[8] The Proposing Release also suggested that, while the proposed standards would require additional work by the auditor, in the PCAOB’s view the amount of incremental work would be limited.[9]
The Proposed Auditor Reporting Standard
The proposed auditor reporting standard would serve two principal purposes. First, it would revise the auditor’s report to require additional content. It would require the auditor to communicate “critical audit matters” relevant to the audit. This disclosure would focus on those matters the auditor addressed during the relevant audit that involved the most difficult, subjective or complex auditor judgments, or posed the greatest difficulty to the auditor in obtaining sufficient appropriate evidence or in forming its opinion on the financial statements. It would also require disclosure of the auditor’s responsibility for, and evaluation of, certain other information (as described in Section III below). Second, the proposed auditor reporting standard would make several changes to the format of the report, including expanding the discussion of independence, requiring disclosure of the auditor’s tenure, and enhancing certain standardized language.
The proposed changes, while largely accretive in nature, are significant. The proposed standard retains the “pass/fail” model of the existing auditor’s report, and continues to require the auditor to indicate whether, in its view, the financial statements are fairly presented. That baseline requirement remains essential for the auditor to express an unqualified opinion. More generally, the proposed auditor reporting standard would supersede the portions of existing AU Section 508, Reports on Audited Financial Statements (“AU 508”), that relate primarily to an unqualified opinion. Existing AU 508 would, however, be amended and retitled “Departures from Unqualified Opinions and Other Reporting Circumstances”, and would continue to be relevant in that capacity.
Critical Audit Matters
The Proposing Release notes that, in developing the proposed auditor reporting standard, the PCAOB attempted to take into account investor requests for information about matters arising during the audit process. But where the proposed approach in the Concept Release could have potentially required a fundamental change in the auditor’s role from one of attesting to information prepared by management to providing instead an analysis of financial statement information,[10] the PCAOB has instead proposed a requirement that the auditor communicate, in the auditor’s report, “critical audit matters” arising during the audit. The Proposing Release notes that “[c]ommunicating critical audit matters likely would provide meaningful information to investors and other financial statement users about the auditor’s work in performing the audit and in forming an opinion on the financial statements, taken as a whole.”[11] This communication “could focus investors’ and other financial statement users’ attention on challenges associated with the audit that may contribute to the information used in investment decision making.”[12]
The proposed auditor reporting standard describes “critical audit matters” as matters that (1) involved the most difficult, subjective or complex auditor judgments; (2) posed the most difficulty to the auditor in obtaining sufficient appropriate evidence; or (3) posed the most difficulty to the auditor in forming an opinion on the financial statements. As noted in the proposed standard, these matters ordinarily would have been documented in the auditor’s “engagement completion” document, reviewed by the engagement quality reviewer or communicated to the audit committee (or a combination of those sources). In determining whether a matter is a “critical audit matter,” the auditor should take into account the non-exclusive list of factors set out in the proposed standard, as well as other factors specific to the audit. Depending on the matter and its circumstances, the existence of only one factor may be sufficient; in other cases, the auditor may need to consider a combination of factors.[13] Under the proposed standard, critical audit matters would be determined based on the facts and circumstances of each audit. The proposed standard emphasizes that, in most audits, it is expected that the auditor would determine that there were critical audit matters.
The Proposing Release explains that the auditor’s responsibility to report on critical audit matters is not subject to any exceptions for types of entities, and that “[s]ince no two audits are alike, there may be critical audit matters even in an audit of a company with no operations or activities.”[14] In addition, while the proposed auditor reporting standard only requires disclosure of critical audit matters relating to the audit of the current period’s financial statements, it also provides that the auditor should consider communicating critical audit matters for prior periods either when the prior period’s financial statements are made public for the first time (such as in the case of the first annual report following an initial public offering) or when issuing an auditor’s report covering a prior period because a previously issued auditor’s report could no longer be relied upon. If the auditor determines there are no critical audit matters, then that determination must be stated in the auditor’s report.
If the auditor has determined that there are matters which are critical audit matters, it must describe them in the report. The auditor must (1) identify each critical audit matter; (2) describe the considerations that led the auditor to determine that the matter is a critical audit matter; and (3) when applicable, cross-reference the relevant financial statement accounts and disclosures in the notes to the financial statements that refer to the critical audit matter.
Under the proposed standard, the auditor is also prohibited from including language that could be viewed as disclaiming, qualifying, restricting or minimizing the auditor’s responsibility for the critical audit matters or the auditor’s opinion on the financial statements. As the Proposing Release notes, “[c]ritical audit matters … are matters that have been addressed by the auditor and, therefore, should not be described to imply that a critical audit matter disclaims or qualifies the auditor’s opinion on the financial statements.”[15] It is not clear how this statement would be applied in practice. For example, if a critical audit matter involves valuation that requires an exceptional amount of professional judgment and relatively few (or no) clearly identifiable data points, would that be viewed as an appropriate description of the circumstances identifying a critical audit matter, or would it be viewed as a disclaimer? Finally, the description of critical audit matters must be set out under a subheading of “Critical Audit Matters”, and must be introduced using language prescribed in the proposed auditor reporting standard.
Appendix 5 to the Proposing Release sets out three hypothetical examples of critical audit matters to assist financial statement preparers and auditors in understanding how these determinations will be made, what the relevant disclosure will entail and how that disclosure will dovetail with the company’s financial statement disclosures. Each of the three illustrative examples contains background information, the company’s related notes to the financial statements, the determination of whether the matter is a critical audit matter, and the communication of the critical audit matter as it would appear in the auditor’s report. These fairly complex fact patterns, which consider issues around allowance for sales returns, valuation allowance for deferred tax assets, and the fair value of fixed-maturity securities held for investment that are not actively traded, go into significant detail and help explain what the PCAOB envisions in terms of both process and end result.[16]
The hardest audit issues and the most difficult audit judgments are currently an important subject among auditors, management and audit committees, and indeed the PCAOB’s recently adopted Auditing Standard No. 16, Communications with Audit Committees, would appear to be intended to promote discussions of the subject. One of the potential pitfalls of the proposal is that it will chill these communications because of the potential implications for disclosure in an auditor’s report.
The proposed auditor reporting standard requires the auditor to document its determination of critical audit matters (in accordance with Auditing Standard No. 3). This audit documentation must include sufficient information to enable an experienced auditor who has no previous connection with the engagement to understand the basis for the auditor’s determination that, first, each reported matter was a critical audit matter, and second, each non-reported audit matter addressed in the audit that would “appear to meet the definition of a critical audit matter” was not a critical audit matter. As noted by Board Member Ferguson at the open meeting, one benefit of this approach is that it “allows auditors substantial latitude to exercise professional judgment in determining what items to include as [critical audit matters] but constrains the judgment by an objective standard, the reasonable and experienced auditor looking at the same evidence.”[17] The Proposing Release further notes that “requiring documentation of the auditor’s determination of such matters not communicated might have the indirect effect of preventing the omission of a critical audit matter due to potential management pressure to exclude the matter from the auditor’s report.”[18] This requirement will also provide documentation (and a documentation requirement) for use by the PCAOB inspection staff in determining whether this element of the proposals, if adopted, has been properly implemented by auditors.
Other Changes to the Auditor’s Report
The proposed auditor reporting standard proposes a number of changes to the format of the current report. The proposed framework for an unqualified report[19] would include three main items: (1) the “basic” elements, which would typically be included in most auditor reports, whether unqualified or qualified; (2) the communication of critical audit matters (as described in Section II.A above); and (3) other explanatory language (or an explanatory paragraph), as appropriate.
Most of the “basic” elements have been retained from existing auditor reporting standards, although in certain cases the language has been slightly revised in an effort to make it clearer or otherwise improve it. The proposed auditor reporting standard also incorporates certain elements from the illustrative reports that accompany those existing standards (which are not required by the existing auditing standard, but which the PCAOB understood to be generally included in auditor’s reports filed with the SEC). In addition, the proposed auditor reporting standard adds information about the audit and the auditor. Importantly, however, the proposed auditor reporting standard retains the pass/fail model of the existing auditor’s report, which the PCAOB noted was something that commenters supported because it clearly conveys the auditor’s opinion as to whether the financial statements are fairly presented.[20]
The most noteworthy changes to the basic elements of the auditor’s report are the following:
- Requiring the auditor to include a statement in the auditor’s report that it is a public accounting firm registered with the PCAOB (United States), and is required to be independent with respect to the company in accordance with U.S. federal securities laws and the rules and regulations of the SEC and the PCAOB. Currently, the auditor’s report does not provide any information about the independence of the auditor (aside from the use of the word “independent” in the title of the report itself), nor does it require the auditor to state that it is registered with the PCAOB (but registration itself is required under PCAOB Rule 2100).
- Requiring the auditor’s report to state the year the auditor began serving as the company’s auditor (or, if the year cannot be determined, to state that and to give the earliest year for which such a statement can be made). The Proposing Release notes that, while there is no firm conclusion as to whether auditor tenure is a positive or negative influence on audit quality, investors have a strong interest in this information and that, in light of public interest in the subject, the PCAOB is proposing that tenure information be included in the auditor’s report.[21]
- When the auditor’s report is included in a company’s annual report filed with the SEC under the Securities Exchange Act of 1934, as amended (the “Exchange Act”), requiring the auditor to refer to, and describe its evaluation pursuant to, the proposed other information standard (see Section III below).
- Requiring the report to be addressed to (at least) “investors in the company, such as shareholders”[22] and the board of directors. This departs from the existing standard, which permits the report to be addressed to the company, its board, or its stockholders. Most, but not all, auditor’s reports are currently addressed to stockholders, and the PCAOB believes this change would promote consistency in the addressees. In addition, however, the Proposing Release indicates the auditor should determine whether non-equity investors would be appropriate addressees, a significant departure from current practice.[23]
- Requiring specific clarification that the report covers all notes to the financial statements and all related schedules (although it would not apply to supplemental schedules that are not considered part of the financial statements).
- Revising the auditor’s report to recognize the auditor’s existing responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatements “whether caused by error or fraud.” The addition of the phrase “whether caused by error or fraud” would help clarify the auditor’s responsibility for readers, but, according to the Proposing Release, is not intended to modify an auditor’s existing responsibilities with respect to the audit.
Potential Commenter Issues
Various commentary in the Proposing Release attempts to address, in advance, some of the issues that are likely to be raised by commenters. One issue in particular is whether the inclusion of information regarding critical audit matters is more provocative than meaningful. For example, it may not necessarily be the case that the issues on which the auditors and the company spend the most time are the issues that would be of greatest interest to investors, or that every issue of relevance will be deemed critical. In the Proposing Release, the PCAOB has attempted to deflect some of this potential criticism, noting that “…as critical audit matters … would not be something that investors and other financial statement users are accustomed to reviewing or analyzing, [they] could misunderstand the meaning of a critical audit matter. Further, investors may not understand that information important to an investment decision may not be highlighted as a critical audit matter. However, as financial disclosures have changed over time, investors and other financial statement users are accustomed to reviewing or analyzing new or different information. Therefore, such users should have the ability to interpret the meaning of critical audit matters communicated in an auditor’s report.”[24] Nonetheless, as already noted, the PCAOB itself has recognized that highlighting critical audit matters could very well undermine the pass/fail nature of the current report, leaving readers to speculate on the reliability of the information that is the subject of the critical audit matters.
Another issue the Proposing Release discusses is whether the inherent lack of standardization of part of the auditor’s report could be problematic. The Proposing Release notes that companies and audit committees in particular may be concerned about such differences both as between auditors’ reports for prior periods and auditors’ reports relating to the company’s competitors, but goes on to suggest that investors would “expect differences in auditors’ reports among companies and reporting periods” and are “accustomed to analyzing company-specific information.”[25] That said, the lack of uniformity, coupled with the necessarily speculative implications of the new information, may well undermine comparability without providing commensurate additional benefits.
Finally, auditors will likely be concerned about potential liability resulting from the proposed changes in the auditor’s reporting model. The PCAOB explicitly recognized in the Proposing Release that the auditor would be making new statements in the auditor’s report that could raise liability concerns. It noted, however, that the communication of critical audit matters would involve matters already addressed by the auditor in forming its opinion on the financial statements, and that the PCAOB has sought a “balanced approach that would promote more informative reporting about the audit (1) in a focused way and (2) that would not fundamentally change the auditor’s current role of attesting on information prepared by management.”[26] Nevertheless, the potential for increased liability is one of the many issues on which the PCAOB has requested comment.[27]
The Proposed Other Information Standard
The proposed other information standard is designed to provide investors with additional information about the auditor’s responsibility for “other information.” The proposed standard describes “other information” as information (other than the audited financial statements and the related auditor’s report, but including certain specified information that is incorporated by reference) included in a company’s annual report filed with the SEC under the Exchange Act (i.e., its Form 10-K, Form 20-F or similar filing).[28] The proposed other information standard would supersede existing AU Section 550, Other Information in Documents Containing Audited Financial Statements (“AU 550”), and related AU Section 9550, which includes auditing interpretations of AU 550, and is intended to “improve the auditor’s procedures and enhance the auditor’s responsibilities with respect to other information, further protecting the interests of investors.”[29]
The proposed other information standard is, in some respects, related to a proposal initially introduced in the Concept Release. That Concept Release proposal suggested creating an alternative for enhanced auditor reporting by requiring auditor assurance on other information outside the financial statements. Investors, however, generally were not supportive of auditor assurance in this context because it would not be responsive to their information needs.[30]
The proposed other information standard would expand the requirement under AU 550 that the auditor “read and consider” other information contained in certain annual reports that include audited financial statements. If the auditor believes that information, or the manner of its presentation, is materially inconsistent with information appearing in the financial statements, or if the auditor becomes aware of information it believes to be a material misstatement of fact, the auditor must take certain specified steps.
Under the proposed other information standard, if the auditor identifies a potential material inconsistency or a potential material misstatement of fact, then it must discuss the matter with the company’s management, and may be required to perform additional specified procedures to determine if there is actually a material inconsistency or material misstatement of fact. If a material inconsistency or material misstatement of fact exists, the auditor should ask management to revise the other information to address it. If management fails to appropriately revise the other information, then:
- If the other information has been provided before the relevant auditor’s report has been issued, the auditor should communicate the information to the company’s audit committee in a timely manner and before the auditor’s report is issued, and if the other information is still not appropriately revised, the auditor should (1) determine its responsibilities under Section 10A of the Exchange Act[31] and applicable auditing standards, and (2) either (a) issue an auditor’s report that identifies the existence of, and describes, the material inconsistency or material misstatement of fact, or (b) withdraw from the audit engagement.
- If the other information has been provided after the relevant auditor’s report has been issued (for example, if it relates to information incorporated from a later-filed proxy statement), the auditor should communicate the information to the company’s audit committee in a timely manner, and if the other information is still subsequently not appropriately revised, the auditor should determine its responsibilities under Section 10A and applicable auditing standards.
The Proposing Release makes clear that an auditor can state it has not identified a material inconsistency or a material misstatement of fact in the other information in situations where something was identified by the auditor during the audit process and management subsequently made appropriate revisions prior to the issuance of the auditor’s report.[32] Accordingly, a likely outcome for most auditor’s reports will be that the auditor will be in a position to state that no material inconsistency or material misstatement has been identified once appropriate revisions have been made by management.
The proposed other information standard is intended to enhance the existing requirements of AU 550 by, among other things, (1) enhancing the auditor’s responsibility with respect to other information by adding procedures for the auditor to perform in evaluating the other information based on relevant audit evidence obtained and conclusions reached during the audit; (2) requiring the auditor to affirmatively evaluate whether the other information contains material misstatements of fact or material inconsistencies; and (3) requiring communication in the auditor’s report regarding the auditor’s responsibilities for, and the results of, the auditor’s evaluation of the other information. Under the proposed standard – which, as previously noted, would apply only to other information in the company’s annual report filed under the Exchange Act – the auditor would have a specific basis to describe its responsibilities for, and the results of, its evaluation of other information. The Proposing Release notes that these new procedures would “focus the auditor’s attention on the identification of material inconsistencies between the other information and the company’s audited financial statements and on the identification of material misstatements of fact, based on relevant evidence obtained and conclusions reached during the audit.”[33]
The Proposing Release also sets out one significant clarification as to the extent of the auditor’s procedures – namely, that since some of the other information that is not directly related to the financial statements may be non-financial in nature or related to the company’s operations, the auditor may not have obtained evidence or reached any conclusion regarding that information during the audit. Under the proposed other information standard, however, the auditor’s evaluation of other information is based on relevant audit evidence obtained and conclusions reached during the audit. The auditor is not required to perform any additional procedures to obtain additional evidence regarding other information that is not directly related to the financial statements if that evidence was not required to be obtained during the audit.[34]
The procedures that an auditor would be required to perform are in certain ways similar in scope to procedures that an auditor might perform for an underwriter as part of the comfort process under AU Section 634, Letters for Underwriters and Certain Other Requesting Parties (“AU 634”). Specifically, the proposed other information standard would require:
- For amounts in the other information that are intended to be the same as, or provided greater detail about, amounts in the financial statements, the auditor must evaluate the consistency of such amounts in the other information, and the manner of presentation, with the financial statements or relevant evidence obtained during the course of the audit;
- For any qualitative statement in the other information that is intended to represent, or provide greater detail about, information in the financial statements, the auditor must evaluate the consistency of such information, and the manner of presentation, with the financial statements or relevant evidence obtained during the course of the audit;
- For any other information that is not directly related to the financial statements, the auditor would compare the information to relevant audit evidence obtained during the course of the audit and conclusions reached during the audit; and
- For any amounts in other information calculated using amounts in any of the other information, the financial statements or the relevant audit evidence, the auditor must recalculate the amounts for mathematical accuracy.
The proposed other information standard requires these procedures to be conducted in order to identify any potential material inconsistencies or potential material misstatements of fact. The Proposing Release states that the standard for a “material inconsistency” is generally the same as that set out in current AU 550 – a “material inconsistency” exists when the other information is materially inconsistent with amounts or information, or the manner of their presentation, in the audited financial statements.[35] Also like current AU 550, the proposed standard does not define “material misstatements of fact.”[36]
Under the proposed other information standard, the auditor is also required to include specific statements in the auditor’s report (in a separate section of the report titled “The Auditor’s Responsibilities Regarding Other Information”) about its responsibilities for, and the results of, its evaluation of other information. These include, among others, statements that (1) the auditor’s evaluation was based on relevant audit evidence obtained and conclusions reached during the audit of the financial statements; (2) the auditor did not audit the other information and does not express an opinion on it; and (3) a statement either that (A) the auditor has not identified a material inconsistency or a material misstatement of fact in the other information, or (B) the auditor has identified a material inconsistency or material misstatement of fact (or both), and a description thereof.
We expect the principal area of comment on the proposed other information standard to be around the potential for increased liability inherent in addressing the auditor’s work in that regard in the report. Whereas under AU 550 the auditor now has an obligation to read the other information, to discuss potential material inconsistencies and misstatements of fact with management and potentially the audit committee and, in the case of a material inconsistency that is not appropriately revised, to consider whether it would be appropriate to describe that inconsistency in the auditor’s report, the proposed other information standard would instead require the auditor to make a public statement that it had affirmatively evaluated that information but did not discover any such inconsistencies or misstatements. By requiring the auditor to make the statement publicly in its report, the proposed standard creates the possibility that, under the Supreme Court’s decision in Janus Capital Group, Inc. v. First Derivative Traders,[37] the auditor will be subject to a private right of action under Rule 10b-5 predicated on the material inaccuracy of that statement, to which it would not have been subject if such statement were not made. This highlights the sharp distinction in potential consequences between statements made to an issuer or its management or audit committee during the course of an audit, on the one hand, and statements memorialized in an auditor’s report addressed to an issuer’s investors, on the other.
While it might be possible to distinguish the inclusion of this language in the auditor’s report on several grounds (including, in particular, that the auditor’s report would indicate the auditor had not audited the other information and was not expressing an opinion on the other information), historically auditors have sought to avoid providing even negative assurance on information outside the financial statements except in relatively limited contexts, and even in those contexts the use of negative assurance is optional rather than mandatory. Under AU 634, for example, in the context of an offering under the Securities Act, an auditor is permitted to provide negative assurance on certain specified matters outside the financial statements generally only to persons who have a “due diligence” defense under the Securities Act and who have provided a representation letter to the auditor. Similarly, under attestation standard AT Section 701, Management’s Discussion and Analysis (“AT 701”), auditors are permitted to examine or review, as the case may be, an issuer’s MD&A included in its filings.[38] Such an examination requires the auditor to make affirmative statements about the content of the MD&A, while a review requires the auditor to give negative assurance on it.[39] However, while the procedures under, and statements to be made pursuant to, AT 701 would seem in some ways to be similar to those proposed for the proposed other information standard, the examination procedure has been used only twice to our knowledge,[40] and we are not aware of any case in which the review procedure has been used. That these procedures are virtually never used is a testament to their very high cost and the unwillingness of auditors to expose themselves to incremental liability under the federal securities laws, as well as the perception that the examination or review procedure may not lead to optimal results when applied to the qualitative information provided “through the eyes of management” in MD&A disclosure.
Ironically, given the PCAOB’s moving away from suggested alternatives in the Concept Release for an AD&A or for auditor assurance on information outside the financial statements, principally because of liability concerns, the liability risk created by the proposed other information standard could be highest for auditors in connection with MD&A. Just as there is currently potential auditor exposure in the case of material errors in audited financial statements (or the notes thereto), it is a foreseeable outcome of the proposed other information standard that alleged material misstatements or omissions in MD&A disclosure, even in the absence of material errors in the financial statements (or notes), could lead to allegations against auditors.
A second area of likely comment is how the proposed standard will affect offerings under the Securities Act, particularly shelf offerings. The Proposing Release notes that, consistent with existing AU 550, the proposed other information standard “would not apply to documents containing audited financial statements and the related auditor’s report that are filed with the SEC under the Securities Act.”[41] The Proposing Release further notes that an auditor’s responsibilities with respect to Securities Act filings are governed by its responsibilities under the federal securities laws (in particular, Section 11 of the Securities Act)[42] and by AU Section 711, Filings Under Federal Securities Statutes (“AU 711”).[43] When, for example, an issuer’s annual report on Form 10-K is incorporated by reference into a shelf registration statement on Form S-3, AU 711 requires the auditor to perform procedures with respect to subsequent events to a date as close to the date of the filing of the Form 10-K as is reasonable and practicable in the circumstances.[44]
The Proposing Release notes that the PCAOB identified various obstacles to applying the reporting requirements under the proposed other information standard to documents filed under the Securities Act. The PCAOB noted, in particular, the auditor’s inability to change the date or the content of the auditor’s report in connection with a Securities Act filing, meaning that the report filed in a registration statement may not reflect any subsequent procedures performed under AU 711.[45] The PCAOB also noted that certain Securities Act filings may incorporate by reference annual reports containing financial statements and auditor’s reports that are filed with the SEC under the Exchange Act, meaning the incorporated auditor’s report “would reflect only the results of the auditor’s evaluation under the proposed … standard of the other information contained in the company’s previously filed annual report and not reflect the auditor’s procedures under [AU 711] on the portions of the shelf registration statement other than the previously filed annual report.”[46] The Proposing Release, however, does not squarely address the implications for incremental auditor liability that might arise from including the additional information, particularly with regard to other information, in auditors’ reports incorporated by reference from annual reports into registration statements (such as liability as an “expert” under Section 11 of the Securities Act, if that additional information is viewed as expertized). We believe the PCAOB does not intend to impose expert liability on the auditor with respect to this additional information, which the PCAOB should, with the concurrence of the SEC, make clear in any adopted auditing standard based on the proposal. Even if this is clarified so that the proposed additional information in the auditor’s report does not give rise to incremental expert’s liability under the Securities Act, as previously discussed it creates the possibility that the auditor will be subject to potential incremental liability regarding that additional information under Section 10(b) of the Exchange Act.
Additional Matters Raised in the Proposing Release
In addition to the more general issues identified in connection with the proposed standards, the Proposing Release also noted a number of issues around audits of particular entities in connection with the proposed standards. These included:
- Emerging Growth Companies. Because of the statutory requirements of the Jumpstart Our Business Startups Act (the “JOBS Act”),[47] the proposed standards would not automatically apply to “emerging growth companies” (“EGCs”). Section 104 of the JOBS Act provides that additional rules adopted by the PCAOB after April 5, 2012 do not apply to audits of EGCs unless the SEC determines the application of those additional requirements is necessary or appropriate in the public interest, after considering investor protection and whether the action will promote efficiency, competition and capital formation.[48] Accordingly, the proposed standards (and the related proposed amendments to existing standards) will be subject to a determination by the SEC regarding their applicability to audits of EGCs, which will separately require the PCAOB to decide whether to recommend to the SEC that the changes be applied to those entities. At this time, neither the PCAOB nor the SEC has made any statement or determination about the applicability of the proposed standards and amendments to EGCs, and the PCAOB is seeking comment on that issue.[49]
- Brokers and Dealers. Since Rule 17a-5 under the Exchange Act will require that audits of brokers and dealers be conducted in accordance with PCAOB standards for fiscal years ending on or after June 1, 2014, the proposed auditor reporting standard would be applicable to such audits. Rule 17a-5 also currently generally requires such entities to file annual audited financial statements with the SEC and other regulators. However, the rule permits such entities to “split” their financial statements and to file publicly only the statement of financial condition, while keeping the audited financial statements (and the related auditor’s report) confidential. The issue raised in the Proposing Release is whether, in this context, it makes sense to apply the changed reporting model to all auditors’ reports relating to audits of brokers and dealers filed with the SEC, even if those reports are not made publicly available.
- Investment Companies. The proposed auditor reporting standard would be applicable to audits of investment companies, because the financial statements included in a filing on Form N-CSR must be audited in accordance with the standards of the PCAOB. According to the Proposing Release, however, there is general consensus among many market participants that “the key information that investors need to make an investment decision about an investment company includes information about its investment objectives and strategies, risks, costs and performance”[50] (and, accordingly, not its audited financial statements). The issue raised in the Proposing Release is whether, in this context, it makes sense to apply the changed reporting model to all auditors’ reports of investment companies, given that such entities are less complex and have limited operations that entail fewer judgments and estimates.
- Employee Stock Purchase, Savings and Similar Plans (“Benefit Plans”). The proposed auditor reporting standard would be applicable to audits of benefit plans, because the financial statements included in a filing on Form 11-K must be audited in accordance with the standards of the PCAOB. Similar in certain respects to investment companies, the relevant information comprises assets, liabilities and ability to pay benefits, and the issue raised in the Proposing Release is whether it makes sense to apply the changed reporting model in this context.
In addition to the new proposed auditing standards, the PCAOB has also proposed changes to a number of other existing auditing standards. Generally these changes are conforming in nature, and reflect substantive changes only to the extent those would result from the adoption of the proposed standards, but in some cases the changes are fairly extensive. For example, those auditing standards that include a form of auditor’s report have been revised to reflect inclusion of at least the new basic information, and the proposed new other information standard would supersede current AU 550 in its entirety. Similarly, in proposing the new auditor reporting standard, the PCAOB proposed significant modifications to current AU 508, which the PCAOB proposes to retitle “Departures from Unqualified Opinions and Other Reporting Circumstances.” As it would be modified under the proposal, AU 508 would delete the form of standard unqualified auditor’s opinion (which would be moved to the new proposed auditor reporting standard). In addition, the provisions of AU 508 that currently permit the inclusion of explanatory language or an explanatory paragraph – which must be used in situations such as when there is substantial doubt about the company’s ability to continue as a going concern or the correction of a material misstatement in previously issued financial statements, and may be used at the discretion of the auditor in certain other circumstances – would also be moved to the new proposed auditor reporting standard. The proposed standard makes clear that, as before, the auditor generally has discretion on whether to add such paragraphs (other than those that are currently mandatory). This represents another area where the PCAOB chose not to implement a possible approach included in the Concept Release, which would have placed greater weight on including such disclosure. AU 508 would, however, continue to include matters on which the auditor’s report would preclude an auditor from furnishing an unqualified auditor’s report, such as scope limitations and departures from generally accepted accounting principles.
[1] The proposed auditor reporting standard is set forth in Appendix 1 to a PCAOB release dated August 13, 2013, which is available at http://pcaobus.org/Rules/Rulemaking/Docket034/Release_2013-005_ARM.pdf (PCAOB Rel. No. 2013-005) (the “Proposing Release”), and additional discussion of the proposed auditor reporting standard is set forth in Appendix 5 to the Proposing Release. The PCAOB voted unanimously to approve the issuance of the Proposing Release (which also included the new proposed other information standard), although in their statements the various PCAOB board members noted certain comments and questions about various aspects of the proposed standards.
[2] “Other information” is defined in the Proposing Release to include “information, other than the audited financial statements and the related auditor’s report, [included or incorporated by reference] in a company’s annual report that is filed with the SEC under the Securities Exchange Act of 1934 (“Exchange Act”) and contains that company’s audited financial statements and the related auditor’s report.” See Section III below for a more detailed discussion of what comprises “other information.”
[3] The proposed other information standard is set forth in Appendix 2 to the Proposing Release, and additional discussion of the proposed other information standard is set forth in Appendix 6 to the Proposing Release.
[4] Those amendments are set forth in Appendices 3 and 4 to the Proposing Release.
[5] Section 101(a) of the Sarbanes-Oxley Act of 2002 (emphasis added in the Proposing Release).
[6] The concept release is available at http://pcaobus.org/Rules/Rulemaking/Docket034/Concept_Release.pdf (PCAOB Rel. No. 2011-003) (the “Concept Release”).
[7] Proposing Release, at 11.
[8] Proposing Release, at 27.
[9] For example, the PCAOB noted in the Proposing Release that “[t]he auditor’s communication of critical audit matters would be based on information known to the auditor and procedures that the auditor has already performed as part of the audit,” and that “[t]he auditor’s evaluation [of other information] would be based on relevant audit evidence obtained and conclusions reached during the audit. The auditor would not be required to perform procedures to obtain additional evidence regarding other information not directly related to the financial statements that was not required to be obtained during the audit.” Proposing Release, at 15, 21.
[10] One approach outlined in the Concept Release was the creation of an AD&A, which would have required the auditor to write a separate supplemental narrative report that would include, among other things, an open-ended discussion of the auditor’s perspectives about the audit and the company’s financial statements. Concept Release, at 12-19; Proposing Release, at 22-23. The Proposing Release states that it is not the intent to change the auditor’s role or to require the auditor to provide analysis of matters in the financial statements. Appendix 5 to the Proposing Release, at A5-22.
[11] Proposing Release, at 15.
[12] Appendix 5 to the Proposing Release, at A5-22.
[13] Potential application of the various specified factors and how they should be considered in determining whether a matter is a critical audit matter are set out in greater detail in Appendix 5 to the Proposing Release, at A5-29 to A5-34. The factors specified in the proposed standard are (i) the degree of subjectivity involved in determining or applying audit procedures to address the matter or in evaluating related results; (ii) the nature and extent of the audit effort required to address the matter; (iii) the nature and amount of available relevant and reliable evidence regarding the matter or the degree of difficulty in obtaining such evidence; (iv) the severity of any control deficiencies identified relevant to the matter; (v) the degree to which the results of audit procedures to address the matter resulted in changes in the auditor’s risk assessments; (vi) the nature and significance, quantitatively or qualitatively, of any corrected and accumulated uncorrected misstatements related to the matter; (vii) the extent of any specialized skill or knowledge needed to apply audit procedures to address the matter or evaluate related results; and (viii) the nature of any consultations outside the audit engagement team regarding the matter. While under the proposal the importance of an audit matter to the overall financial statements may implicitly be a factor in determining whether it is critical, it is not explicitly a factor in the determination.
[14] Appendix 5 to the Proposing Release, at A5-27.
[15] Appendix 5 to the Proposing Release, at A5-35.
[16] Appendix 5 to the Proposing Release, at A5-65 to A5-78.
[17] This statement is available at http://pcaobus.org/News/Speech/Pages/08132013_Ferguson.aspx.
[18] Appendix 5 to the Proposing Release, at A5-39.
[19] Because of the changes set out in the proposed auditor reporting standard, the proposed standard uses the term “auditor’s unqualified report” in order to differentiate it from the term “auditor’s standard report” which is used in existing AU 508.
[20] Appendix 5 to the Proposing Release, at A5-5.
[21] Appendix 5 to the Proposing Release, at A5-16. In recent years, there have been a significant number of proxy proposals by stockholders requesting stockholder approval of a mandatory auditor rotation requirement, and the PCAOB is also considering the possibility of mandatory rotation. See, e.g., PCAOB Rel. No. 2011-006, Concept Release on Auditor Independence and Audit Firm Rotation (Aug. 16, 2011), available at http://pcaobus.org/Rules/Rulemaking/Docket037/Release_2011-006.pdf.
[22] While the Proposing Release is ambiguous as to whether it requires mandatory inclusion of investors other than stockholders, under the proposal other kinds of investors, such as holders of debt securities, could be required addressees in at least some cases. “The proposed standard indicates that addressees might include other appropriate parties depending on, for example, the legal and governance structure of the company. Accordingly, the auditor’s report could be addressed to others, such as bondholders.” Appendix 5 to the Proposing Release, at A5-9.
[23] The PCAOB noted the requirement to address the auditor’s report to investors “might serve as a reminder to the auditor that the auditor’s ultimate customer is the investor.” Appendix 5 to the Proposing Release, at A5-9.
[24] Appendix 5 to the Proposing Release, at A5-24.
[25] Appendix 5 to the Proposing Release, at A5-42.
[26] Appendix 5 to the Proposing Release, at A5-43.
[27] See also Section III below and the discussion of Janus Capital Group, Inc. v. First Derivative Traders, 131
S. Ct. 2296 (June 13, 2011) (holding that liability under Rule 10b-5 for statements made in a prospectus is limited to those with “ultimate authority” for such statements).
[28] The proposed other information standard would not apply to documents filed under the Securities Act of 1933, as amended (the “Securities Act”). See further discussion below. In addition, unlike existing AU 550, the proposed other information standard would not apply to documents to which the auditor, at the company’s request, “devotes attention” or to “glossy” annual reports distributed to stockholders.
The Proposing Release notes, by way of example, that “other information in an annual report on Form 10-K would include, among other items, Selected Financial Data, Management’s Discussion & Analysis, exhibits, and certain information incorporated by reference.” Proposing Release, at 19. Other information does not, for example, include information set forth in an earnings release filed on Form 8-K (even if that release were to include audited financial statements or an auditor’s report), nor does it include information included in a Form 10-Q.
[29] Proposing Release, at 7.
[30] Proposing Release, at 25.
[31] Under Section 10A, if, during the course of an audit, the auditor becomes aware of information indicating an illegal act (whether or not material to the financial statements) has occurred or may have occurred, then it must determine whether it is “likely” an illegal act has occurred and, if so, the possible effect on the financial statements. The auditor must inform management of the illegal act as soon as practicable and must assure itself the board of directors is also adequately informed (by management or otherwise) of any detected illegal act. In certain cases, the auditor may be required to notify the SEC of the illegal act, and to resign from the audit engagement.
[32] Appendix 6 to Proposing Release, p. A6-33; paragraph 13.e of the proposed standard.
[33] Proposing Release, at 7. The PCAOB noted its belief that, in practice, some auditors currently perform procedures related to other information that are similar to the procedures included in the proposed other information standard. Proposing Release, at 21.
[34] Proposing Release, at 21.
[35] Appendix 6 to Proposing Release, at A6-12. Appendix 6 notes that “[a] material inconsistency would involve an inconsistency between amounts in the financial statements and amounts in the other information that have a direct relationship to the company’s financial statements, such as quantitative information in the Selected Financial Data or MD&A sections, among others, of an annual report on Form 10-K, but would not be limited to only quantitative information. Qualitative statements, such as the description of the company’s critical accounting policies, estimates, and related assumptions in the other information of an annual report on Form 10-K, also would be directly related to accounts and disclosures in the financial statements and thus might involve a material inconsistency.”
[36] Appendix 6 to Proposing Release, at A6-12. Appendix 6 provides additional detail, noting that “[m]aterial misstatements of fact could relate to, among others, statements about the company’s competitive environment, technological developments, or supplier relationships. Although such statements in the other information do not directly relate to the accounts and disclosures in the financial statements, the auditor might have knowledge of such information as part of obtaining audit evidence or reaching conclusions during the audit. Such statements also might be an important driver of the company’s stock market value or be of particular importance to investors. For example, management might state in the other information that the company has the largest market share in the company’s industry. This information could be material to an investor’s decision about the company. The auditor might be aware, based on relevant audit evidence obtained during the audit, that the company does not have the largest share in the relevant industry. The proposed other information standard would require the auditor to evaluate whether management’s statement represents a material misstatement of fact.”
[37] 131 S. Ct. 2296 (June 13, 2011).
[38] Under AT 701, an “examination” calls for the auditor to examine the MD&A in order to express an opinion on the MD&A presentation, taken as a whole, by reporting whether (a) the presentation includes, in all material respects, the required elements of the rules and regulations adopted by the SEC; (b) the historical financial amounts have been accurately derived, in all material respects, from the entity’s financial statements; and (c) the underlying information, determinations, estimates, and assumptions of the entity provide a reasonable basis for the disclosures contained therein. The objective of a “review” of the MD&A, on the other hand, is to report whether any information came to the practitioner’s attention to cause him or her to believe that (a) the MD&A presentation does not include, in all material respects, the required elements of the rules and regulations adopted by the SEC; (b) the historical financial amounts included therein have not been accurately derived, in all material respects, from the entity’s financial statements, and (c) the underlying information, determinations, estimates, and assumptions of the entity do not provide a reasonable basis for the disclosures contained therein.
[39] AU 634 permits the auditor to refer to such an examination or review in the comfort letter to be received by the underwriters or others.
[40] In re Sony Corp., Exchange Act Rel. No. 40305 (Aug. 5, 1998). Available at http://www.sec.gov/litigation/admin/3440305.txt. Goldman Sachs Group Inc. engaged an auditor to examine its MD&A disclosure in connection with its initial public offering in 1999. See Form S-1, SEC File No. 333-74449, at 36-37. Available at http://www.sec.gov/Archives/edgar/data/886982/0000950123-99-003931.txt.
[41] Appendix 6 to Proposing Release, p. A6-46. Appendix 6 to the Proposing Release also discusses (at some length) potential considerations relating to Securities Act filings. Appendix 6 to Proposing Release, at A6-46 to A6-50.
[42] The Proposing Release notes that Section 11 imposes liability, subject to a due diligence defense, on “every accountant … who has with his consent been named as having prepared or certified any part of the registration statement, or as having prepared or certified any report … which is used in connection with the registration, with respect to the statement … which purports to have been prepared or certified by him.” Appendix 6 to Proposing Release, at A6-46. The sections covered by this language are often referred to as having been “expertized” by the certifying accountant.
[43] An auditor performs certain procedures under AU 711 to identify subsequent events that might impact the auditor’s report included in a registration statement from the date of the report up to or shortly before the registration statement effective date as part of conducting a “reasonable investigation” pursuant to Section 11 of the Securities Act, and AU 711 identifies certain responsibilities of the auditor if it discovers or becomes aware of relevant facts. See AU 711.10-13. In addition, AU 711 requires the auditor to read the relevant portions of the Securities Act prospectus to ensure the auditor’s name is not used in a way that indicates greater responsibility than intended and that the prospectus does not imply the financial statements were prepared by the auditor. See AU 711.08.
[44] See AU 711.10-11.
[45] Appendix 6 to Proposing Release, at A6-48 to A6-49.
[46] Appendix 6 to Proposing Release, at A6-5.
[47] Pub. L. 107-204.
[48] See Section 103(a)(3)(C) of the JOBS Act; see also Appendix 7 to Proposing Release, at A7-4 to A7-5.
[49] See Section 103(a)(3)(C) of the JOBS Act; see also Appendix 7 to Proposing Release, at A7-5 & A7-17 to A7-22.
[50] Appendix 5 to Proposing Release, at A5-61.