Statement on Proposed Auditing Standard Related to Confirmation
The Board is considering today a proposed standard that would update and expand the requirements related to the auditor's use of confirmations. Confirmation – that is, direct auditor communication with a third party about a particular item affecting the company's financial statements – is one of the building blocks of auditing. Because confirmation involves third parties, it provides a high level of audit evidence. Asking customers who owe the company money to confirm the accuracy of their balances is a familiar example of an audit confirmation, but there are many other aspects of financial reporting that can be the subject of confirmation procedures. Confirmation of receivables has been required in the United States since the SEC's 1940 McKesson Robbins case, a stunning fraud in which the perils of auditing that takes the company's word for its receivables were dramatically demonstrated.
The current confirmation standard – AU 330 – was written more than 15 years ago. The proposed new standard not only modernizes AU 330, but also strengthens the confirmation requirements to better protect investors and other users of audited financial statements. The changes the proposal would make fall into three categories.
First, the new standard would expand the scope of the confirmation requirement. At present, receivables need only be confirmed if they arise "from the sale of goods or services in the normal course of business." The proposal, in contrast, would provide that the auditor should confirm a wider range of accounts that represent money owed to the company, including receivables "from credit sales, loans, or other transactions." In addition, the proposal would require confirmation procedures in response to significant risks arising from other kinds of transactions or arrangements with third parties, if the relevant assertions can be adequately addressed by confirmation. The proposed standard also includes a new requirement to confirm cash held with financial institutions; fictitious bank accounts have been the lynchpin of several notorious frauds.
Second, the new standard would update the requirements by addressing changes in confirmation practice. In particularly, the new standard recognizes the prevalence of electronic communications, electronic recordkeeping, and the internet. It would also reflect a lower-tech kind of change – the increasing frequency with which respondents include disclaimers, limitations, and other legal boilerplate in their responses.
Third, the proposed standard would more explicitly incorporate consideration of the risk of error or fraud into the selection, design, and planning of confirmation procedures. This is consistent with other Board standard setting projects – particularly the pending risk assessment standards – which I anticipate we will have before us for final consideration later this summer. In its emphasis on fraud and other misstatement risk, this proposal dovetails with the approach in the proposed risk assessment standards.
I would also like to comment on how this standard fits into the Board's standard-setting process. In part, this proposal addresses observations made by PCAOB inspectors and illustrates how the Board's inspections program and its standard-setting work together. As the release notes, PCAOB inspectors have observed instances in which the auditor did not obtain sufficient competent evidential matter from confirmation responses that included disclaimers as to their accuracy. The proposal includes a requirement for the auditor to evaluate the effect of disclaimers and restrictive language on the reliability of a confirmation response.
In addition, the development of this proposal reflects an effort to make the Board's standard-setting more transparent and to give investors, preparers, auditors, and other interested persons more opportunities to shape new standards. The proposal was developed based in part on feedback received through a concept release and through public discussion of the Board's Standing Advisory Group. The release and proposed standards text we are considering today will afford a further opportunity for interested persons to weigh in.
* * * * *
I want to thank the staff for their ongoing work on this project. I particularly want to acknowledge the hard work of Associate Chief Auditor Dee Mirando-Gould, who is the principal draftsperson. Chris David in the Chief Auditor's Office, and Bob Burns and Nina Mojiri-Azad in the Office of the General Counsel, have also played important roles in getting this proposal to the Board, as have Chief Auditor, Marty Baumann, and Deputy Chief Auditor, Jennifer Rand. I appreciate all of your efforts.