Investor Advisory Group recommends update to standard for auditor’s consideration of client’s illegal acts

A working group of the PCAOB’s Investor Advisory Group (IAG) urged the PCAOB to update a standard related to an auditor’s consideration of a client’s noncompliance with laws and regulations.

AU Section 317, “Illegal Acts by Clients,” which is codified by the PCAOB as Auditing Standard (AS) 2405, has remained largely unchanged since it was issued in 1988.

“It doesn’t reflect the world as we know it today. A lot of things have transpired” since then, Mary Bersot, CEO and Chief Investment Officer of Bersot Capital Management LLC who serves as the co-lead of the working group, said during a meeting of the IAG in Washington on Oct. 24, 2017.

Bersot said that the working group believes AS 2405 is not strong enough to protect investors today.

“It needs to be strengthened in terms of defining auditor’s responsibilities with regards to these issues,” she said. “Also needs to enhance steps the auditor needs to take, they must perform when they discover a material illegal act related to the financial statements.”

The focus on the auditor’s responsibilities regarding its client’s illegal acts comes amid a string of high-profile cases in the past few years. For example, Wells Fargo & Co. created more than 1.5 million unauthorized bank accounts and more than 560,000 credit card applications from 2011 to 2015, and investors asked where its auditor, KPMG LLP, was to prevent the fraud.

“It isn’t completely clear that it was a financial matter in the beginning, but a billion dollar reserve for liability and the effect on their reputation does impact the stock price,” Bersot said. “There is a financial effect, so investors expect auditors to detect these problems and report them in a timely manner.”

Grant Callery, a principal at Oversight and Governance Solutions, LLC who serves as the other co-lead of the working group, agreed that it is time for the PCAOB to update AS 2405.

“The language is pre-SOX [Sarbanes-Oxley Act of 2002], pre-Dodd-Frank,” Callery said. “As we look at the current standard, there are a lot of ‘shoulds,’ not too many ‘musts.’ We think that sort of dichotomy ought to be looked at closely.” 

The working group analyzed international auditing standards and the Government Accountability Office’s (GAO) “Yellow Book” audit standards for government, and Callery said they were in some cases “more stringent” than AS 2405. “We think the staff ought to consider those areas.”

For example, “there is no real focus in the current standard for whistleblowers, but in post-SOX world, that landscape has changed dramatically,” he noted.

Among other things, the working group urged the PCAOB to require the auditor to assess the risk of an illegal act as part of the audit planning process, including the audit procedures to be performed. The group said the PCAOB should clarify in AS 2405 that the auditor is responsible for detecting illegal acts which could have a material effect on the financial statements and their obligation when they are aware of, or should have been aware of, significant other illegal acts. The working group also suggested that the standard be updated to include a non-exclusive list of example illegal acts.

PCAOB members agree that a careful review of the standard is needed, and the board in 2016 put it on the research agenda. “The staff is exploring whether there is a need for improvements to AS 2405 to provide better direction to auditors regarding their responsibilities with respect to illegal acts.”

On the investor advisory panel’s recommendation that would require the auditor to assess the risk of illegal acts, board member Jeanette Franzel said auditors could “leverage some of the testing already happening in ICFR [internal control over financial reporting].”

“So, control environment, tone at the top, incentives that don’t make sense. That’s all part of what auditors should be looking at,” Franzel explained. “We don’t see many material weaknesses with control environment or tone at the top until or unless there has been a big, major blow up. This would also help focus auditors in this area, which is so important.”

For more information on this topic, or to learn how Baker Tilly SEC accounting specialists can help, contact our team.


We have partnered with Thomson Reuters to issue our monthly SEC accounting insights. Please feel free to contact Baker Tilly at accounting@bakertilly.com if you have any questions related to these articles or Baker Tilly's Accounting and Assurance Services. © 2017 Thomson Reuters/Tax & Accounting. All Rights Reserved.