NOCLAR Audit Proposal Keeps Going
The Public Company Accounting Oversight board is seeking more input on its controversial proposal for audit firms to look more aggressively for compliance violations at client companies, amid continuing fierce debate over the benefits and potential costs of the idea.
The PCAOB announced Monday that it will hold a roundtable on March 6 to solicit further input about its “NOCLAR” proposal (the acronym stands for “non-compliance with laws and regulations”), which the agency first unveiled last summer. The PCAOB has also reopened its public comment period for NOCLAR through March 18.
Formally, the PCAOB says it is holding the roundtable “to obtain additional insight from commenters, stakeholders, and experts as the PCAOB staff works toward a final recommendation to the board” — but let’s not kid ourselves here. The PCAOB stirred up a hornet’s nest with its NOCLAR proposal, and has been trying to avoid getting stung ever since. This latest outreach falls into that camp.
First let’s remind ourselves of exactly what the PCAOB proposed to do here. The board wants to adopt a new standard for audit firms: AS 2405, Company’s Noncompliance With Laws and Regulations. As originally drafted last summer, that proposed new standard would require audit firms to take three steps with their clients:
- To identify, through inquiry and other procedures, laws and regulations that are applicable to the company and where non-compliance could have a material effect on the financial statements.
- To evaluate whether any non-compliance has happened. For example, auditors would be required to consider whether any specialized skill is needed to assist the auditor in evaluating information about possible non-compliance.
- To communicate to the appropriate level of management and the audit committee as soon as the auditor believes that noncompliance might have happened.
That sounds noble in theory, but the proposal raises a host of difficult questions in practice. For example, for the audit firm to understand what a material compliance violation is, wouldn’t it first need to perform an assessment of all compliance risks, to understand what is or isn’t material? What if the audit firm reaches a different conclusion about materiality than the compliance or internal audit team?
We could keep going with practical questions all day long. Indeed, PCAOB board member Christina Ho wrote a comprehensive critique of the NOCLAR proposal last summer, and voted against the proposal at the time.
NOCLAR Issues for Discussion
Back to next week’s roundtable. The PCAOB said it will consist of three panel discussions that in total will dive into five specific issues the agency wants to explore.
The threshold for identifying violations and illegal acts. Critics say the original language for identifying violations — “could reasonably have a material effect” — is too broad. So the PCAOB wants to discuss what other threshold definitions might work, what procedures the auditor should perform to identify laws and regulations relevant to financial reporting, and whether any of those procedures are already performed now as part of the standard audit.
Direct illegal acts vs. indirect illegal acts. Auditors already have some obligations to report suspected wrongdoing at a client under Section 10A of the Exchange Act, but there has long been confusion about illegal acts that arise from laws and regulations that have an indirect effect on the financial statements. The PCAOB wants to better understand that confusion and hopefully clarify what the standard requires.
Competence to assess noncompliance with laws and regulations. This is a potentially big bone of contention because if auditors need to consult with specialists to understand potential compliance violations, that could increase the cost of the audit substantially. So the PCAOB wants to understand how auditors already try to assess compliance violations (since they’re still supposed to do that, even under the looser standards of Section 10A) and what makes the most sense.
Attorney-client privilege. Some people fear that NOCLAR will lead to auditors demanding more access to potentially sensitive and privileged legal information the company might have — which might lead to company employees being less forthcoming with auditors about potential violations, contradicting the whole point of the NOCLAR proposal.
Cost-benefit calculations. And as always, plenty of critics say the economic costs of NOCLAR (higher audit fees, more employee time spent dealing with auditors) will far exceed the benefits, since most companies aren’t out there committing material compliance violations most of the time.
What Happens Next
Broadly speaking, the roundtable’s agenda is to help the PCAOB better understand the gap between current auditing standards for compliance violations versus the proposed new standards for NOCLAR.
OK, I’m glad to see the PCAOB taking the time to figure out where its proposal needs work — but that implicitly means the PCAOB is still trying to figure out how to make this proposal work. So I’m still going to bet that the PCAOB gets NOCLAR over the regulatory finish line sometime later this year.
One final point. I’ve started to hear from several companies that their audit firms and board audit committees have begun asking about NOCLAR and its potential implications for the annual audit. I’m not clear on how widespread these conversations are, but apparently NOCLAR has breached the boardroom agenda to at least some degree. If anyone wants to tell me (confidentally, of course) what’s happening in their boardrooms, drop me a line at [email protected] any time.