PCAOB proposes new auditing standard: Action steps for public companies

The Public Company Accounting Oversight Board (PCAOB) has proposed a new auditing standard: Non-Compliance with Laws and Regulations (NOCLAR). Originally released for public comment on June 6, 2023, the proposed standard aims to enhance the responsibilities of auditors in identifying and responding to instances of NOCLAR.

While originally set to close on August 7, 2023, the comment period was reopened and extended through March 18, 2024, following pushback and commentary from stakeholders within the audit profession, including both auditors and public companies that would be affected by the new standard.

The proposal is wide-ranging and, if adopted, would drastically change the current audit model and significantly expand auditor obligations. In this issue of Practical Compliance, we look at the proposed standard and current auditing standards, and offer action steps for public companies as they prepare for the potential change.

Existing standard

Under the existing PCAOB standards, auditors are required to consider noncompliance with laws and regulations as part of their audit procedures, with a particular focus on those that have a direct effect on the determination of financial statement amounts.

The auditor's consideration of NOCLAR is currently guided by a risk-based approach, which focuses on identifying material misstatements in financial statements. The existing framework does not explicitly require auditors to search for NOCLAR, but rather to assess the implications of identified noncompliance on the financial statements.

Auditors are also expected to understand the legal and regulatory framework applicable to the client as it relates to financial reporting. If auditors become aware of NOCLAR, they must discuss it with management and, if necessary, those charged with governance.

Implications of the proposal

The proposed NOCLAR standard significantly expands the auditor's duties in the detection and response to instances of noncompliance. According to public feedback, auditors are generally supportive of replacing the term “illegal acts” with “noncompliance with laws and regulations,” but they are concerned with the expansion of the definition to include “all other types of fraud, such as non-scienter-based fraud” as it represents a significant expansion in scope. Such expanded definition would introduce an affirmative obligation for auditors to actively seek out and evaluate any noncompliance by an audit client with laws and regulations that could have a direct or indirect effect on the financial statements.

The proposal suggests a more proactive role for auditors, requiring them to consider a broader range of noncompliance issues beyond those tied to accounting standards. The standard would necessitate enhanced procedures for auditors to follow when potential NOCLAR is identified, including a more rigorous evaluation of the implications for the audit and the financial statements.

While auditors are generally supportive of the proposed requirements for the auditor to obtain an understanding of management’s process related to identifying laws and regulations with which noncompliance could reasonably have a material effect on the financial statements, there is concern that the proposal would establish an unconditional responsibility for auditors to undertake audit procedures to proactively identify laws and regulations with which noncompliance could reasonably have a material effect on a company’s financial statements.

Additionally, the proposal outlines specific communications that auditors would need to make to management and, in certain circumstances, to regulatory and enforcement authorities. The proposed standard emphasizes the importance of documentation, requiring auditors to keep detailed records of identified NOCLAR and the actions taken in response.

If the proposal is adopted, auditors will be tasked with an affirmative obligation to detect and evaluate all instances of noncompliance by an audit client with laws and regulations, regardless of their connection to existing accounting standards. This expansion of scope could potentially endanger the confidentiality and protections of attorney-client communications, as auditors may need to probe areas traditionally reserved for legal counsel. There is a risk that the audit function, which is central to ensuring the integrity of financial reporting, could become diluted by the additional focus on compliance matters. The proposal could also disrupt the distinct roles traditionally played by legal and accounting professionals, potentially leading to overlaps and conflicts in their respective duties. Moreover, the additional responsibilities could add significant costs to the audit process, which may outweigh the benefits of the enhanced standard. For example, there is a concern that the proposal would require auditors to enlist the help of a large number of individuals, including attorneys and other legal professionals across different disciplines and jurisdictions, in order to comply with the proposed requirements. Companies may face increased audit fees and a greater administrative burden as auditors implement more extensive procedures. The proposal could also lead to a more adversarial relationship between auditors and clients as the former delve deeper into the latter's compliance with laws and regulations.

Preparing for NOCLAR

Public companies are encouraged to begin preparing for the potential adoption of the NOCLAR standard by the PCAOB. Companies should consider evaluating their current compliance program systems and controls to ensure that they are aligned with the NOCLAR emphasis on compliance with laws and regulations, and consider enhancements to ensure that these compliance program systems are designed to identify and detect instances of potential noncompliance and are operating as intended.

Public companies may consider:

• Assessing current systems and controls for monitoring compliance with laws and regulations.
• Enhancing training programs for staff on compliance and audit support.
• Initiating discussions with auditors about the potential impact of the NOCLAR standard.
• Engaging with legal counsel to understand the legal aspects of the proposal, including implications for attorney-client privilege and confidentiality.
• Evaluating and potentially strengthening internal reporting mechanisms for NOCLAR issues.
• Conducting or updating compliance risk assessments.
• Reviewing and updating compliance policies and procedures to ensure critical compliance risk areas are properly addressed.
• Preparing for potential increases in audit fees and administrative costs.
• Assessing the adequacy of documentation practices for compliance matters.
• Reviewing contracts with auditors to anticipate changes in scope and fees.
• Developing a plan for responding to auditor inquiries related to NOCLAR.

Key takeaways

The PCAOB's NOCLAR proposal represents a significant shift in the responsibilities of auditors with respect to detecting and responding to noncompliance with laws and regulations. Public companies are encouraged to be proactive in understanding the potential changes and preparing for their implementation. Companies should also consider engaging with auditors and legal counsel to navigate the implications of the proposal effectively, as well as monitor the potential costs and administrative burdens associated with the new standard. Outside counsel may help ensure that all legal and regulatory aspects are adequately addressed.

For more information, please contact the authors.