Audit firms would have to report once a year to the Public Company Accounting Oversight Board and their clients’ audit committees on how effective their systems are.
The Public Company Accounting Oversight Board on Friday proposed tightening the rules that govern the controls audit firms use to assess the quality of their audits, a move aimed at improving the effectiveness of audits and better protecting investors.
A rule, if completed, would represent the first major change to the PCAOB’s standards on quality controls since it adopted them in 2003, shortly after the board was formed.
The existing standards require audit firms to have policies and procedures in place to cover areas such as ethics, personnel management, and audit engagement performance as part of their quality controls. These standards are among many that the U.S. accounting watchdog was allowed to copy from the American Institute of Certified Public Accountants, a professional association, on an interim basis. The regulator inspects audit firms’ approach to quality controls as part of its reviews.
The PCAOB now wants firms to do significantly more work to ensure those controls are in line with standards. Firms would have to assess the risks associated with achieving effective quality controls, such as maintaining accurate calculations of performance metrics and designing procedures intended to address those risks. Firms also would have to report annually to the PCAOB and their clients’ audit committees on how those policies and procedures are working.
The PCAOB wouldn’t publicly release those company disclosures, but it might eventually update inspection reports in case an audit firm hasn’t fixed a quality-control problem more than a year after the regulator identified it, officials said. The 2002 Sarbanes-Oxley Act, which created the PCAOB, prohibits it from making certain quality-control issues public.
The proposal also would require firms that audit more than 100 companies a year to appoint at least one person unaffiliated with the company—not a partner, shareholder, or employee—to their governance board. Fourteen audit firms issued audit reports for over 100 businesses apiece last year, the PCAOB’s website shows.
The proposed changes affect the entire audit, from accepting the engagement to planning and performing the audit and reporting out the results, Chair Erica Williams said Friday. “By elevating all firms’ QC systems, this proposal directly aligns with our mission to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports,” she said.
The proposal marks the latest action the regulator has taken on the issue since 2019. The PCAOB, under former Chair William Duhnke, issued a so-called concept release that suggested aligning its rules on quality control more closely with the International Auditing and Assurance Standards Board, which sets international auditing rules in many countries outside the U.S. The IAASB’s rule focuses more on potential risks to audit quality than the existing PCAOB standards. The project didn’t make it to the proposal stage before the Securities and Exchange Commission 2021 fired Mr. Duhnke and moved to replace the board.
Friday’s proposal goes further than the IAASB’s in several ways—for example, the risk disclosure and the appointment of an independent board member. The decision to diverge from the IAASB was made based on internal data on inspections and investigations, PCAOB officials said. The PCAOB considers the IAASB’s rule-making for its own standards and tries to avoid unnecessary differences, Ms. Williams said earlier this week.
The PCAOB voted to issue a proposal that the public can comment on, effective immediately, over a 75-day period ending Feb. 1, 2023. The rule would go into effect on Dec. 15 of the year that the SEC, which oversees the PCAOB, approves it, assuming it does. Audit firms would have to conduct the first evaluation of their quality controls by the following Nov. 30.
The PCAOB expects to propose one more rule before the end of the year. It is considering revising changes to rules on confirmations, a process by which audit firms obtain and evaluate audit evidence from independent third parties.
The regulator is working to update more than 30 audit rules related to 10 of its standard-setting projects, many of which refer to outdated technology. The PCAOB plans to propose at least five new rules next year—for example, on auditors’ evaluation of potentially illegal acts in the audit by their clients and on auditors’ assessment of a company’s ability to continue operating.
Also Friday, the PCAOB proposed a budget of $349.5 million for next year, up 12.6% from the previous year. The SEC typically votes on the PCAOB’s proposed budget by year-end.