Chair Williams’ Statement on Adoption of New Standard for the Auditor’s Use of Confirmation
Remarks as prepared for delivery
A little over nine months ago, this Board convened to issue a proposal on revising our confirmation standard, AS 2310, The Confirmation Process – the process that involves the auditor verifying information about one or more financial statement assertions with a third party.
Despite the fact that the confirmation process touches nearly every audit and provides a critical tool for detecting fraud, this standard has not been substantively updated since it was adopted by the Board in 2003. In fact, it has not been substantively updated since it was originally written and put in place by the profession over 30 years ago in 1991.
In many ways, revising the confirmation standard is indicative of the broader task ahead of us as we work to modernize our standards to make sure they are effective at protecting investors in today’s world. So, it is fitting that this is the first standard-setting project where this Board issued a proposal and followed up with a new standard.
The standard-setting projects on our agenda address more than half of our standards in one way or another. Most of these standards being considered, like confirmation, are so-called ‘interim standards,’ which the PCAOB first adopted in 2003 based on standards set by the profession on what was intended to be on temporary basis. Yet, they have not been significantly updated in at least 20 years.
Our capital markets don’t stand still. They evolve constantly. Practices change. Technology advances relentlessly. And new risks emerge.
To keep investors protected, our standards must keep up.
And that is why we are here today.
When the confirmation standard was developed in the early 90s, the auditing profession was dominated by the exchange of paper documents. Confirmation requests were typically mailed to the confirming party, and requests were mailed back. At times, auditors would receive confirmation responses via a fax machine, which is why the existing standard references the use of facsimile responses.
Today, business is largely conducted online. We are meeting today on Webex. We walk around with sophisticated computers in our pockets and the ability to share information anytime, anywhere, with one tap.
It no longer makes sense for auditors to drop a confirmation request in the mail and assume the information in question is accurate if they hear nothing back. That’s why the standard before us focuses on positive confirmation, meaning an auditor must hear back from the third-party about the information they are trying to confirm. And if they are unable to obtain a response, they should perform alternative procedures to obtain relevant and reliable evidence for the information in question.
It does not make sense that accounts receivable should require confirmation, but cash held by third parties would not – nor does it adequately protect investors. That’s why the standard before us not only carries forward the existing requirement regarding confirming accounts receivable, it also includes a new requirement for confirming cash and cash equivalents held by third parties. In these circumstances, the standard creates a presumption of performing confirmation procedures or otherwise obtaining relevant and reliable audit evidence by directly accessing information maintained by a knowledgeable external source.
The standard takes a principles-based approach that provides for inevitable changes in technology and continued innovation by auditors in the ways they obtain evidence – keeping investors protected by ensuring the standard remains relevant as auditing evolves.
The public comments we received provided valuable insight, which is reflected in today’s adopting release.
We incorporated insight from commenters about ways the standard could better reflect the realities of how the confirmation process plays out in the real world. We incorporated ideas from investors about ways to strengthen communication with audit committees. And we strengthened the standard by providing additional clarity based on feedback from all stakeholders.
Thank you to everyone who shared your views.
With your input, this new standard will help auditors detect fraud and better protect investors now and into the future.
I would like to thank the many staff at the PCAOB for their work on this project. Specifically, I would like to thank in the Office of the Chief Auditor, Barb Vanich, Dima Andriyenko, Lisa Busedu, David Hardison, Dani Verbeck, and Heather Jossem; in the Office of Economic and Risk Analysis, Martin Schmalz, Mike Gurbutt, Tian Liang, Tasneem Raihan, and John Cook; and in the Office of General Counsel, Annie Yan, Keisha Patrick, and Connor Raso.
In addition, I would like to express my gratitude to my fellow Board members and their staff for their contributions to this project. I would also like to recognize the support provided by staff from the Division of Registration and Inspections, the Division of Enforcement and Investigations, and the Office of Communications and Engagement.
Finally, I would like to thank the Securities and Exchange Commission’s (SEC) staff, including the staff of the SEC’s Office of the Chief Accountant, for their support and assistance.