Wednesday, March 22, 2023

SEC’s Chief Accountant issues best practices reminder for audit firms’ use of other auditors

By John Filar Atwood

The SEC and PCAOB continue to observe problems with lead auditors’ use and supervision of the work performed by other auditors, and leading SEC Chief Accountant Paul Munter reinded auditors that their systems of quality control over personnel management and supervision of the audit engagement must include the work of other auditors. In a public statement, Munter noted that the ongoing problems include the use of other auditors that are not registered with the PCAOB, violations of the PCAOB’s communications standards, and deficiencies related to reporting on Form AP.

Munter noted that globalization has led to an increase in the use of, and more significant roles for, accounting firms and individual accountants other than the lead auditor (“other auditors”) on many audit engagements. In 2021, 26 percent of all issuer audit engagements and 57 percent of large, accelerated filer audits involved the use of other auditors by the lead auditor, he said.

This can be a problem, Munter stated, especially given recent academic research indicating that the quality of the work performed by other auditors is inconsistent. The research is underscored by the SEC staff’s own observations as well as by recent enforcement actions brought by the PCAOB, he added.

Munter reminded firms that an unregistered accounting firm causes a violation of PCAOB Rule 2100 whenever it plays a substantial role in the audit of an issuer regardless of the audit engagement structure used by the lead auditor. All firms should be aware of this requirement and safeguard against any violations in its use of other auditors during an audit engagement, he urged.

Observed violations. He noted that the staff also has observed violations of PCAOB standard 1301, Communications with Audit Committees, when lead auditors are not attentive to the accurate legal entity name of other auditors that perform audit procedures and, as a result, fail to communicate correctly such auditors’ names, locations, or planned responsibilities. He also cited recent deficiencies related to Form AP, Auditor Reporting of Certain Audit Participants, which include instances where the lead auditor’s Form AP contains inaccurate or omitted information, such as failing to report the audit participation of the correct legal entity or inaccurately disclosing audit hours incurred by other accounting firms.

Munter emphasized the importance of audit committee communications and Form AP filings. He noted that because many accounting firms operate within a network of separate accounting firms, instances of faulty or incomplete communication with the audit committee risks confusing or misleading the committee into thinking that the engagement involves a single registered firm rather than a lead audit firm and other auditors within the same network. Clear and accurate communication with the audit committee about which firms performed the work and the steps the lead auditor took to drive greater consistency in audit quality is essential to the audit committee’s ability to oversee and evaluate the performance of the independent audit firm, he stated.

Network firms. Munter addressed the use of firms in the same network as the lead auditor, which are often distinct legal entities and may have different systems of quality control. Stakeholders may mistakenly assume that the audit quality will be consistent across member firms within the same network. He advised lead auditors to be mindful of the risk of their own presumptions when using the work of other auditors within their networks and urged them to be vigilant in their supervision and review of network firms.

He also pointed to the risks presented by in-network firms that are located outside the U.S. A few other countries have implemented regulations similar to Sarbanes-Oxley Act Section 404, he said, but there are no international auditing standards analogous to PCAOB AS 2201 which covers the effectiveness of internal control over financial reporting. PCAOB inspection results indicate that the execution of audit procedures over internal control or financial reporting is challenging for auditors outside of the U.S., including network-member firms, he added.

Munter reminded stakeholders to consider that the professional training and experience of the lead auditor may differ from those of the other auditors, including the training and experience in performing audits of financial statements and the effectiveness of internal control over financial reporting under the PCAOB standards. Networks may include a combination of registered and unregistered audit firms and other associated entities, he said, and unregistered audit firms performing a role in audits conducted in accordance with PCAOB’s auditing standards are required to comply with the PCAOB’s quality control standards.

In Munter’s view, network firms may benefit from governance policies and procedures that support consistency and accountability among the member firms regarding the establishment and application of quality control, and supervision and review policies and procedures. This may include having strong, consistent client acceptance and continuance policies across the network, a vigorous internal inspection function, continuous and consistent training, and robust audit methodologies and tools, he said.

Independence considerations. Munter noted that the involvement of other auditors in an audit also elevates the risk to an auditor’s independence. Deficiencies observed by the SEC and PCAOB staff regarding independence suggest that certain auditors, specifically non-U.S. members of network firms and their personnel, may not sufficiently understand SEC and PCAOB independence requirements, or have appropriate controls in place to prevent or detect violations, he advised.

He recommended that members of a network firm carefully monitor as part of their quality control systems non-audit relationships with an audit client to avoid situations that impair independence in fact or in appearance. An effective firm-wide, or network-wide, approach looks not only to the current impact of non-audit and business relationships on audit clients, he stated, but also anticipates foreseeable future impacts, especially for those relationships that cannot be easily unwound.

Good practices. Munter noted the significant contributions to financial reporting by audit committees through their oversight of the independent auditors. He said that with respect to the use of other auditors, audit committees should be actively engaging with the lead auditor to consider the sufficiency of their quality control system, specifically those procedures around supervision and evaluation of the audit work performed by other auditors.

Munter suggested that audit committees give careful consideration to the lead auditor’s use of other auditors, especially in areas of significant risk, and engage in related dialogue in response to communication requirements. Some of the questions that audit committees could ask their auditors include:
  • Are there other participating accounting firms that play a substantial role in the audit?
  • If so, are they registered with the PCAOB and subject to PCAOB inspections?
  • How does the lead auditor supervise the audit work performed by other auditors?
  • How does the lead auditor assure that the work is being performed by other auditors that understand the requirements of the applicable financial reporting framework and the PCAOB’s auditing and related professional standards?
Munter reminded issuers and audit committees that if an unregistered firm plays a substantial role in the audit, the issuer’s financial statements are considered to be “not audited.” Any accompanying annual report, proxy statement, or registration statement containing or incorporating by reference such financial statements creates potential liabilities for the issuer and others, he stated. Accordingly, management and audit committees should engage with the auditors regarding the PCAOB registration status of other auditors.

He concluded by reiterating that it is imperative that an audit firm’s quality control system is consistent with both the PCAOB’s quality control standards and the Commission’s auditor independence requirements. Only then will an audit firm be able to identify and assess the risks related to the involvement of other auditors, including network firms, and design and implement the appropriate responses, he stated.