Statement on Consideration of Proposing Auditing Standards Related to the Auditor’s Assessment of and Response to Risk
A sound and sophisticated understanding of the risks of material misstatement, and planning and executing an audit in a way that responds to those risks, are essential to affording investors reasonable assurance that financial statements are free of material error. The Board’s mandate is to ensure quality auditing and to promote confidence in audit reports. Therefore, focusing on the risk assessment process and the auditor’s response to risk is one of the most important steps we can take to strengthen the auditing standards. This effort is especially timely, given current events in our financial markets. I support publishing these seven proposed standards for comment.
Reliably identifying risk is not a simple task or one that lends itself to predetermined formulas and checklists. Rather than adding to what has already been said about the specific approach to that process in the proposals, I would like to underscore several points about the project itself.
First, this proceeding marks a new direction in our standard-setting. So far, most of the energy the Board has devoted to writing auditing standards has been aimed at fulfilling specific statutory tasks in the Sarbanes-Oxley Act, such as developing an internal control auditing standard and a standard for concurring partner review. Risk assessment is the first major effort to do what Congress envisioned when it gave the Board the authority to set public company auditing standards -- step back and ask how the existing standards can be strengthened to meet the challenges of modern auditing.
Second, the staff began formulating the risk assessment standards by looking at the comparable provisions of the international auditing standards -- the ISAs. The Board is still feeling its way in trying to determine what the relationship between PCAOB standards and the ISAs should be. At least for now, an approach that tries to avoid needless inconsistency, but that stops short of seeking conformity for its own sake seems to me to make sense. I think these proposals have benefitted from the effort that went into looking first to the ISAs. However, the resulting package of standards is by no means a twin to the ISAs -- "cousin, perhaps distant cousin," might better describe the family resemblance. The release includes an appendix that provides a high-level comparison between these proposals and the comparable ISAs. The merits of the approach taken here is one of the areas in which I hope we will receive thoughtful comment.
Third, unlike other Board standards, each of these proposals includes a brief statement of the audit objective that the standard is intended to fulfill. Here too, the Board needs the views and suggestions of commenters to make sure the objectives are phrased in a way that will be useful in guiding auditors, particularly in areas that demand judgment.
My final point relates to the transparency and openness of the Board’s process. This project began over three years ago with a public discussion of audit risk assessment by the Board’s Standing Advisory Group, and ideas from that meeting are reflected in the proposals. The staff is recommending a 120-day comment period -- longer than the norm in the past -- to afford ample opportunity for public input. Depending on the nature of the comment, I hope we will consider additional steps to promote transparency. Possibilities could include publishing a revised proposal and opening a second comment period. We may also want to hold additional public forums or Board discussions to consider the comments. For a project of the magnitude and importance of risk assessment, we need to be sure that investors and the profession understand what we are seeking to accomplish and that we understand the practical consequences of any new standards.
A tremendous amount of thought and effort has already gone into this project, and I would like to thank the staff members involved. It takes nothing away from that work to add that, more than in the case of some other proposed standards, I view the risk assessment project as one that is still unfolding. I look forward to input and dialogue that will help the Board make sure that these standards are well-tailored to sophisticated audit risk assessment and high quality auditing.