Introduction
On November 18, 2022, the Public Company Accounting Oversight Board (PCAOB or the Board) proposed, A Firm’s System of Quality Control and Other Proposed Amendments to PCAOB Standards, Rules, and Forms, a new quality control (QC) standard applicable to all PCAOB registered public accounting firms. Similar in structure to the “quality management” standards of the American Institute of Certified Public Accountants (AICPA) and the International Auditing and Assurance Standards Board (IAASB), the proposal is also based, in part, on the Board’s inspection data and observations, and comments on its December 2019 Concept Release, Potential Approach to Revisions to PCAOB Quality Control Standards.
Among other things, the proposed QC standard, if adopted, would create new reporting obligations, expand the auditor’s responsibility to respond to deficiencies on completed engagements, and replace the Board’s interim ethics standard ET 102 with a new standard, EI 1000, Integrity and Objectivity.
Risk-based Approach
Driven by a risk-based approach that requires firms to proactively identify and respond to “quality objectives,” the QC standard would establish requirements for a firm’s design, implementation, and operation of its QC system that provides reasonable assurance of compliance with applicable legal and professional requirements. The risk assessment process would require firms to:
• Establish outcome-based “quality objectives”
• Identify and assess “quality risks” to those quality objectives
• Design and implement “quality responses” to those quality risks
• Establish policies and procedures to monitor changes that may require modifications to the quality objectives, quality risks, and quality responses
Scope of proposed requirements
The proposed QC standard would apply— in total—to all PCAOB-registered public accounting firms (firms) whereas the current interim QC standard applies certain QC requirements only to firms that were members of the AICPA SEC Practice Section on April 16, 2003.
A proposed expansion throughout the proposed QC standard is the inclusion of “other participants” in the quality objectives, which goes beyond the firm and its personnel to include organizations and other professionals that assist with the performance of a firm’s audit and attest engagements or the design, implementation, or operation of the firm’s QC system. This approach differs from that taken by the AICPA and IAASB, which instead focus on the firm and its personnel.
Basic Structure
Similar to AICPA and IAASB quality management standards, the PCAOB is proposing that eight (8) highly integrated components comprise a QC system: (i) the risk assessment process; (ii) governance and leadership; (iii) ethics and independence; (iv) acceptance and continuance of client relationships and engagements; (v) engagement performance; (vi) resources; (vii) information and communication; and (viii) the monitoring and communication process.
This article focuses on the responsibilities relating to the QC component, Ethics and Independence.
Proposed Requirements: Ethics and Independence (E&I)
Ethics and Independence (E&I) Quality Objectives
As proposed, a firm must establish three (3) quality objectives for the E&I component of its QC system:
(1) E&I requirements are understood and complied with by the firm, firm personnel, and other participants. Fundamental to the auditor’s role, the firm is responsible for ensuring that all relevant individuals understand E&I requirements and have adequate resources to comply with them.
(2) The firm identifies, evaluates, and responds to conditions, events, relationships, or activities that could constitute violations of E&I requirements on a timely basis. Firms should address both firm-level and individual-level matters. For example, a firm could identify its planned acquisition of another firm as an event that could create violations by certain of the acquired firm’s personnel. On the individual side, the firm could identify an individual’s promotion to the manager level as an event that requires reassessment of compliance with the independence rules. The goal of this quality objective is to proactively prevent violations of E&I requirements, or if they do occur, quickly remediate them.
(3) Violations are communicated on a timely basis to the individual assigned operational responsibility for the firm’s compliance with E&I requirements. Firms should address both individual (i.e., firm personnel and other participants) and firm-level compliance. A personal violation could result from a covered person’s spouse owning stock in an audit client or having a prohibited loan whereas a violation by the firm might involve performance of prohibited advisory services, a contingent fee arrangement, or failure to obtain audit committee pre-approval. To meet this quality objective, communication to the appropriate person(s) in the firm should be timely.
E&I Specified Quality Responses
The proposed QC standard specifies several quality responses that are based on the SEC/PCAOB rules framework and include independence quality controls (with certain refinements) that, to date, apply only to SECPS member firms. The specified quality responses are summarized below:
1. Firms must design, implement, and maintain policies and procedures that address E&I requirements, including all of the following:
a. Identify and address matters that may reasonably be thought to bear on the independence of the firm, firm personnel, and affiliates of the firm.
b. Firm personnel and other participants should perform all activities associated with performing engagements and operating the QC system with integrity and objectivity (e.g., training on E&I, evaluating the QC system, and supervising engagements).
c. Establish a consultation process for E&I matters and identify matters that require consultation.
d. Monitor compliance with applicable E&I requirements and related firm policies and procedures.
e. Identify conditions, events, relationships, or activities that could constitute E&I violations, take preventive and corrective action to address violations on a timely basis, require personnel and other participants to report E&I violations of which they become aware (including escalation procedures), and communicate violations to external parties (e.g., audit committee), as appropriate.
2. Policies and procedures for matters that may reasonably be thought to bear on independence must include all of the following:
a. Identify firm and personal relationships with restricted entities (REs), i.e., audit clients and their affiliates, including financial interests that might impair the firm’s partners and managers’ independence. If a firm audits more than 100 issuers, an automated system for monitoring financial interests is required; firms with less than 100 issuers should consider automating the process.
b. Maintain an RE list that is made available to all personnel and other participants. Communicate changes to the RE list to all relevant persons at least monthly (or more frequently, as appropriate).
c. Require the firm to review the RE list prior to entering into relationships or interests that may impact independence, e.g., engagements to perform nonaudit services or certain fee arrangements. If applicable legal or professional requirements warrant, the firm should take the required action(s) on a timely basis.
d. Require firm personnel to review the RE list upon employment and engagements, when certain changes occur (e.g., promotion or changes to the RE list), and before they or a relevant family member purchase(s) stock, obtain(s) a loan, or enter(s) into a business relationship, etc. Such individuals should take required action(s) to comply with the rules on a timely basis when warranted.
e. Require firm personnel to certify upon employment, at least annually thereafter, and upon changes in their personal circumstances, their understanding and compliance with SEC and PCAOB requirements and the firm’s independence policies and procedures.
f. Identify matters that require audit committee preapproval and obtain preapproval, as needed.
3. Make E&I policies and procedures (including substantive changes) available to firm personnel and other participants on a timely basis.
4. Provide mandatory training on E&I requirements and the firm’s E&I policies and procedures to firm personnel near the time of initial employment and at least annually thereafter.
Key Changes from Current PCAOB QC Standard
In summary, the E&I component of the proposed QC standard:
• includes more detailed requirements than the existing requirements,
• expands the application of QC requirements to all firms that are registered with the PCAOB, and
• expands certain requirements to include ethics issues in addition to independence.
Proposed Rescission of Interim Standard ET 102
The proposal would rescind the Board’s interim ethics standard, ET 102, Integrity and Objectivity (ET 102), and replace it with a new standard, EI 1000, Integrity and Objectivity. Based on existing ET 102, the proposed EI 1000 reflects revisions to better align the Board’s ethics requirements with the scope, approach, and terminology of proposed QC 1000.
Note: A “mid-term” standard-setting project, Interim Ethics and Independence Standards, appears on the Board’s website. It describes future standard setting involving E&I:
“In connection with the PCAOB’s interim standards project, consider whether PCAOB registered firms and their associated persons existing obligations should be enhanced and updated to better promote compliance through improved ethical behavior and independence.”
Effective Date
If adopted, the PCAOB is considering an effective date of December 15th one year after the SEC approves the final standard. The Board would begin evaluating firms’ QC systems the following November 30th. The provisions of QC 1000, if adopted, would take effect on the same day.
Comment Deadline
Interested persons should submit written comments to the Board by February 1, 2023.
The material in this publication is provided with the understanding that the author and publisher is not engaged in rendering legal, accounting, or other professional services. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. The author and publisher make no representations, warranties, or guarantees as to and assume no responsibility for the content or application of the material contained herein, and expressly disclaim all liability for any damages arising out of the use of, reference to, or reliance on such material. You may reprint material in this newsletter if it is unaltered and credited to the author and Audit Conduct. If being reproduced electronically, the following link must also be included: www.auditconduct.com. © Copyright 2023 – Audit Conduct, LLC. All Rights Reserved.