Statement on Reproposed Auditing Standard: Engagement Quality Review
I want to thank the staff for bringing forward this proposal. A number of people helped on the proposal, but in particular I commend Greg Scates, Dima Andriyenko and Jake Lesser for all their hard work. You have thoughtfully, and thoroughly, analyzed the comments we received, as well as the goals board members have expressed. The product today not only reflects all that work, but it also reflects your untiring commitment to developing standards that put investor protection first.
I don’t say that lightly, because in fact there were a lot of calls to weaken the proposal. I’m disappointed that reproposing means further delays of important investor protections. Our inspections continue to find serious audit deficiencies, at both large and small firms. Better engagement quality reviews should catch those deficiencies and prevent investor harm.
At the same time, I am comfortable that today’s proposal retains the investor protections of the original proposal, and indeed has benefited from refinement. Importantly, the proposal clearly states that reviewers are responsible for identifying and following up on problems.
I believe some auditors have mistakenly believed that following the proverbial principle of “see no evil, speak no evil” is a good approach for a reviewer. To the contrary, that approach has never shielded reviewers from liability when they’ve failed to address problems that a reasonably diligent reviewer would have found and followed up on. The proposal describes a better approach, both for auditors and investors.
The original proposal prevented an auditor from providing concurring approval if he or she “knew or should have known” of a problem. Some commenters seemed alarmed at that standard, although in fact that’s the standard that applies today. Another way to articulate it is to say that reviewers must exercise due care. “Due care” may be a more familiar standard, and it may sound a little less like legal-ese, and that’s fine, since they both get to the same place.
There have been other refinements. I won’t go into them in detail, because the release does and I encourage commenters to read it. In general, those refinements attempt to correct mistaken impressions commenters seemed to have, such as that the EQR is intended to be a re-audit. It’s intended to be rigorous, and I think our inspection record amply demonstrates renewed rigor is justified. But it’s not intended to be a re-audit.