Auditor responsibilities for the completeness and accuracy of financial institution risk disclosures affect the inspection programs of the members of the International Forum of Independent Audit Regulators (IFIAR), noted PCAOB Member Dan Goelzer in a paper submitted at the IFIAR Roundtable on Financial Institution Risk Disclosure. He also said that through inspection workshop and plenary meeting discussions IFIAR members share inspections insights and identify challenges. In his view, this process could be a vehicle for gathering information about how auditors are performing in this area. Mr. Goelzer is Vice-Chair of the IFIAR.
IFIAR engages in dialogue with the major multi-national firms, both at the plenary meeting and working group level. In particular, IFIAR's Global Public Policy Committee Working Group provides a central forum for regular dialogue between audit regulators and the six largest audit firms regarding audit challenges and quality control system improvements. To the extent specific issues emerge regarding risk disclosure auditing, Member Goelzer suggested that these mechanisms could be used to discuss those issues with the large firms.
IFIAR members have a strong interest in the responsibilities of auditors with respect to financial institution risk disclosures and in any changes in those responsibilities. Member Goelzer reviewed the three major reporting model projects affecting risk disclosures put forth by key regulatory and standard-setting bodies that are considering ways of expanding the scope of the auditor's reporting responsibilities. These initiatives arise from dissatisfaction expressed by users of financial statements concerning the lack of information that auditors were required to provide about the risks and uncertainties faced by major financial institutions in the run-up to the 2008 economic crisis. The various auditor reporting proposals and alternatives under discussion extend beyond financial institution risk
The IAASB issued a consultation paper setting out options to close a perceived information gap and states that some investors and analysts believe that the auditor could report on key business, operational and audit risks the auditor believes exist as well as on the quality and effectiveness of the governance structure and risk management. The paper seeks views about types of additional information that could be included in the auditor's report and on the prospect of the auditor providing insight about the quality of entity financial reporting. Through IFIAR's Standards Working Group, members discuss and may comment on the implications of IAASB proposals, including any that address risk disclosure.
Issued on June 21, 2011, the PCAOB concept release discusses alternative ways of expanding the auditor's reporting model. Three of those alternatives could result in expanded information or assurance regarding risk, said Member Goelzer. The first alternative would require the auditor to provide an auditor's discussion and analysis (AD&A), similar to MD&A, which would be a supplemental narrative report discussing the auditor’s views regarding significant matters, such as audit risks.
The AD&A might also include a discussion of the auditor's views regarding the company's financial statements, such as management's judgments and estimates, accounting policies and practices, and difficult reporting issues.
The second alternative would require one or more emphasis paragraphs in all audit reports. The Board member noted that emphasis paragraphs could be used to highlight the most significant matters in the financial statements and identify where these matters are disclosed. The auditor might also be required to comment on key audit procedures performed pertaining to such matters. The third alternative would require auditors to provide assurance on information outside the financial statements, such as MD&A or earnings releases. Such a requirement could have the effect of requiring that risk discussion in MD&A be audited.
Finally, On November 30, 2011, the European Commission proposed a series of new requirements regarding statutory audits of public interest entities. Under the proposal, the content of the audit report disclosed to the public would be expanded to include an explanation of key areas of risk of material misstatements in the financial statements, a going concern assessment, and whether the audit was designed to detect fraud. In addition, the auditor would be required to prepare a more detailed report for the audit committee. This report would explain judgments about material uncertainty that may cast doubt about the entity's ability to continue as a going concern and on the findings of the audit with the necessary explanations.