PCAOB Chair Williams’ Statement on Proposed New Standard for the Auditor’s Use of Confirmation
Remarks as prepared for delivery
As the name suggests, confirmation is about verifying that information on financial statements is accurate. It is the process auditors use to confirm certain information through independently obtained third-party verification.
Audit procedures that involve the use of confirmation are part of nearly every audit, and an effective confirmation standard is critical to maintaining audit quality and keeping investors protected. During times of economic uncertainty, confirmation can be a vital tool to help auditors combat fraud, making an effective confirmation standard more important today than ever.
Unfortunately, like too many PCAOB standards, the confirmation standard hasn’t changed since the Board first adopted the existing standard, AS 2310, The Confirmation Process, in 2003.
For example, AS 2310 still references fax machines, when confirmation requests and responses between the auditor and the confirming party today are often exchanged via email or through an intermediary that facilitates the direct electronic transmission.
It is so critical to ensure our confirmation standard is fit for purpose in today’s capital markets to ensure investors receive the protection they deserve. And that is why I support strengthening and modernizing our requirements for the auditor’s use of confirmation. I look forward to receiving input from all our stakeholders.
The confirmation project history is rather long, from a standard-setting perspective. The PCAOB initially issued a concept release in 2009 to solicit public comment on potential changes to the existing confirmation standard. That concept release was quickly followed by a proposed standard issued for public comment in 2010. Unfortunately, after 2010 the project stalled, and no further rulemaking regarding the auditor’s use of confirmation was issued by the PCAOB – until today.
The auditor’s use of confirmation has been a required audit procedure in the United States that dates back to 1939, when the American Institute of Accountants adopted Statement on Auditing Procedure No. 1 as a direct response to the McKesson & Robbins fraud case,1 which involved fraudulently reported inventories and accounts receivable that the independent auditors failed to detect through procedures other than confirmation. Since then, independently obtained third-party information continues to be an important source of evidence obtained as part of an audit of a company’s financial statements.
The world has evolved since AS 2310 was adopted by the Board, and today we are taking an important step toward making sure our confirmation standard keeps up and keeps investors protected.
I would like to thank the individuals that are responsible for bringing this proposal to us. Specifically, I would like to thank in the Office of the Chief Auditor, Barb Vanich, Dima Andriyenko, Lisa Busedu, David Hardison, and Dani Verbeck; in the Office of Economic and Risk Analysis, Mike Gurbutt, Tian Liang, Tasneem Raihan, and John Cook; and in the Office of General Counsel, Annie Yan, Keisha Patrick, and Connor Raso.
In addition, I would like to express my gratitude to my fellow Board Members and their staff for their contributions to this proposal. I would also like to recognize the support provided by staff from the Division of Registration and Inspections, the Division of Enforcement and Investigations, and the Office of Communications and Engagement.
Finally, I would like to thank the Securities and Exchange Commission’s (SEC) staff, including the staff of the SEC’s Office of the Chief Accountant, for their support and assistance.
1See In the Matter of McKesson & Robbins, Inc., SEC Rel. No. 34-2707 (Dec. 5, 1940).