Statement on Proposed Amendments to PCAOB Auditing Standards related to a Company’s Noncompliance with Laws and Regulations

Remarks as prepared for delivery

I support issuing this proposal, which would strengthen the requirements of auditors to identify, evaluate, and communicate noncompliance with laws and regulations, including fraud. Our investor protection mission drives this proposal. 

Indeed, researchers estimate that only one-third of corporate “frauds” are detected and that such “fraud” erased $830 billion in equity value during 2021 alone.1 Another study notes that auditors only detected four percent of cases involving “occupational” noncompliance.2 This is simply unacceptable. While auditors may not be the perpetrator of the noncompliance or fraud, auditors are investors’ boots on the ground, and are therefore important gatekeepers.  Auditors must step up and fulfill their duty.

This duty includes planning and conducting an audit that provides reasonable assurance that the financial statements are free from material misstatement whether they are caused by error or fraud. And that evaluation of materiality involves both quantitative and qualitative considerations. 

Auditors have long been required under Section 10A of the securities exchange act to perform procedures designed to provide reasonable assurance of detecting illegal acts that could have a direct and material impact on the financial statements. Under our proposed standard, mere compliance with Section 10A is the floor. We expect more.

If adopted, the proposed standard would certainly demand more by requiring auditors to plan and perform procedures to -  

  1. Identify laws and regulations with which noncompliance could reasonably have a material impact, either direct or indirect, on the financial statements;
  2. Assess and respond to risks of material misstatement due to noncompliance with those identified laws and regulations; and
  3. Identify whether there is information indicating noncompliance with laws and regulations has or may have occurred.

Mere inquiry would not be sufficient to determine that noncompliance has not occurred. 

Auditors, however, are not required to know every single law or regulation a company might be subject to. In fact, the proposal itself clearly states, “These laws and regulations would necessarily be relevant to the company or its operations but would not represent every law or regulation to which the company is subject.”  Moreover, auditors do not start from a blank slate – the auditor benefits from management’s process to identify these laws and regulations. Issuers currently identify and disclose material risks related to laws and regulations in periodic filings made under federal securities laws.

The auditor’s identification, however, would not be limited to those laws and regulations identified by management to fulfill its disclosure obligation. The list developed by management of such laws and regulations is a source of information for the auditor.

In addition, auditors should already have knowledge of a company’s regulatory environment as required under existing PCAOB standards, including risk assessment.

I believe that the proposed standard appropriately focuses the auditor’s attention on only those laws and regulations that could reasonably have a material effect on the financial statements. In doing so, we believe the standard will promote audit quality by ensuring that auditors identify, assess, and respond to material noncompliance, and in so doing, the standard promotes investor protection.

The proposed standard acknowledges there may be times auditors need to engage outside experts. Requiring auditors to contemplate whether use of experts is needed is a common practice across PCAOB standards, including when performing risk assessments, planning or performing audit procedures, and when evaluating audit results. This isn’t new or different.

I support this proposal for another reason, and the current standard was adopted by the PCAOB in April 2003. That standard was issued by the Auditing Standards Board of the American Institute of Certified Public Accountants in 1988. Much has changed since that time. It’s critical our standards change and evolve to remain fit for purpose. 

The auditing profession today, and the public issuers and registered broker-dealers we regulate, are not what they were in the 1980s. The risk profiles of these issuers and BDs have evolved significantly over the last four to five decades. Many are global companies operating in multiple jurisdictions for which material noncompliance with laws and regulations can go undetected if auditors fail to properly identify, assess, and respond to regulatory and legal risk in the audit. This proposal updates the requirements to reflect today’s dynamic market.

The fact that today’s vote is not unanimous underscores the importance of our public notice and comment process. While I believe this proposal strengthens requirements on the auditor to identify, evaluate, and communicate noncompliance, the standard can only improve with the benefit of our stakeholders’ comments. Today’s proposal, if adopted, represents significant change, I therefore encourage all of our stakeholders to provide their feedback. 

Auditors play an essential role in protecting investors by ferreting out potential noncompliance, evaluating it, and ultimately in shining a light on what they discover. Trust in our capital markets depends on auditors performing this role with the due care and professional skepticism it demands. 

I believe the proposed standard, if adopted, will increase investor protection by raising the requirements of auditors and demanding that they live up to their duty to the investing public.      

I would like to thank the many individuals involved in this proposal, including from the Office of the Chief Auditor Barb Vanich, Jessica Watts, Lisa Calandriello, Kevin Lombardi, and Michael Shimansky. From the Divisions of Enforcement and Investigations, Rebecca Mealey. From the Office of Economic and Risk Analysis, Mike Gurbutt, John Cook, Tian Liang, and Federico Garcia. From the Office of General Counsel, Connor Raso, and Michael Ungar.

I would also like to thank my fellow Board members and my staff for their efforts towards this standard-setting project. Finally, I would like to thank the Securities and Exchange Commission’s (SEC) staff, including the staff of the SEC’s Office of the Chief Accountant for their support and assistance.

1 See Alexander Dyck, Adair Morse, and Luigi Zingales, How Pervasive Is Corporate Fraud?, Review of Accounting Studies 1 (2023).

2 Occupational Fraud 2022: A Report to the Nations, Association of Certified Fraud Examiners.