The PCAOB Is Closing the Gap on Audits

PCAOB (“the Board”) rulemaking in 2024 is evident and impacts public accounting firms of all sizes and may place a burden on small to midsized firms. As such, the cost may trickle down to clients, and a reconsideration of the sphere of audit-related services offered is warranted. These changes, with staggered effective dates as early as October 2024, establish minimum requirements to conduct quality audits and increase guidance on technology use.  

The regulator adopted QC 1000 superseded previous quality control (“QC”) standards by following a risk-based system; increasing responsibility to monitor and respond to deficiencies; creating QC matter reporting requirements; and assimilating additional changes to the standards and forms. This supplements standards already in place for the use of others with increased governance in a heavily regulated environment. Added is a rigorous annual evaluation of the firm’s QC system with related reporting. The standard also governs network firms and third-party providers. Furthermore, compensation will be linked to quality; for the largest firms, a requirement is added to promote an independent perspective on firm governance. The extent of “applicable” requirements could change depending on a firm’s circumstances, and the QC system policies and procedures that a firm would have to implement and operate could change in response, thereby impacting cost. Some provisions are incrementally applied based on the number of reports issued to registrants—providing relief for small firms. Click here for a complete listing of recently adopted new and revised PCAOB standards. 

Under the current Rule 3502, associated persons who do not exercise reasonable care and contribute to a firm’s violations may escape liability and accountability because an individual must demonstrate “recklessness.” Under the revised standard, the threshold is set to a lower bar of “negligence,” which “is the failure to exercise reasonable care or competence.” ”Recklessness” requires “an extreme departure from the standard of ordinary care” that “presents a danger to investors or to the markets that is either known to the actor or is so obvious that the actor must have been aware of it.”  

Even though the Board made clear that associated persons will only be held responsible when contributing to a violation that materially or significantly contributed to the sole cause of the violation, this increases the responsibility of the auditor to exercise due care boosting investors’ confidence. This comes at a heavy price for firms already struggling with staffing and resources, because they will now face an enhanced possibility of sanctions of their associated persons, thereby prompting the need for reform. It may seem like double-dipping considering the scope of QC 1000 because of potential overlap. The Board’s opinion is that even though such circumstances may prevail, there could be instances it will not. A firm that has indemnification agreements in place that would compel it to bear the financial burden of defending or indemnifying associated persons may choose to purchase insurance to help alleviate the contingent financial burden. For firms self-insuring against such liabilities, the amount held in reserve or reinsurance may vary based on anticipated losses. To the extent that firms pass on some of the costs to their audit clients, the amendment could result in audit fee increases to cover firms’ compliance costs related to the amendment. 

Amendments to AS 1105, Audit Evidence, and AS 2301, The Auditor’s Responses to the Risks of Material Misstatement, are adopted to address aspects of the design and performance of audit procedures that involve technology-assisted analysis of information in an electronic format with conforming amendments to AS 2501, Auditing Accounting Estimates, Including Fair Value Measurements. Specific matters related to other technology applications used in audits (e.g., blockchain or artificial intelligence) or the evaluation of the appropriateness of tools under the firm’s QC system are not addressed. It does specify auditor responsibilities when (i) performing tests of details; (ii) using multi-use audit procedures; and (iii) for evaluating of the reliability of certain audit evidence with the emphasizes on the importance of appropriate disaggregation of detail of information. The costs of the amendments could disproportionately impact smaller firms.  

To the extent that firms make changes to their existing audit approaches, fixed costs may be incurred, including costs to update audit methodologies, templates, and tools; prepare training materials; train staff; and develop or purchase software. U.S. global network firms (“GNFs”) and some U.S. non-affiliated firms (“NAFs”) will likely update their methodologies using internal resources, whereas other NAFs may purchase updated methodologies from external vendors. Certain engagement-level variable cost may prevail. For example, the amendments related to evaluating whether certain information provided by the company in electronic form and used as audit evidence is reliable could require additional time and effort by engagement teams that use such information in performing audit procedures. Integrated audits or financial statement audits that take a controls-reliance approach may see reduced impact because, in these cases, internal controls over the information, including ITGCs and automated application controls, may already be tested. Some firms may pass on at least part of the increased costs through an increase in audit fees.  

These amendments clarify and specify auditor responsibilities when designing and performing audit procedures that involve technology-assisted analysis. As a result, some auditors may incur incremental costs related to procedures to comply with the amendments. For example, in addition to applying technology-assisted analysis when testing specific items in the population, some auditors may address the items not selected for testing by performing other substantive procedures—if the auditor determines that there is a reasonable possibility of a risk of material misstatement in the items not selected for testing (i.e., the remaining population). To the extent that auditors currently do not fulfill their responsibilities under existing PCAOB standards related to the remaining population when there is a reasonable possibility of a risk of material misstatement, those firms may incur one-time costs to update firm methodologies and ongoing costs related to fulfill their responsibilities. 

Even though the cost of software that can analyze large volumes of data has decreased, because of the amendments, some auditors could reduce their use of technology-assisted analysis if firms conclude that the benefits would not justify the associated audit costs. 

Other amendments to be mindful off includes the change to the confirmation process and the use of other auditors, effective in 2024 and 2025, respectively, which will also have an economic impact on firms.