Noncompliance with Laws and Regulations

Objective

Consider changes to an auditor's consideration of possible noncompliance with laws and regulations, including how AS 2405, Illegal Acts by Clients, should be revised to integrate a scalable, risk-based approach that takes into account recent developments in corporate governance and internal control practices.

Most Recent Action

On June 6, 2023, the Board issued for public comment a proposal to replace AS 2405, Illegal Acts by Clients, in its entirety with AS 2405, A Company’s Noncompliance with Laws and Regulations, together with conforming amendments to PCAOB auditing standards. The comment period is open through August 7, 2023.

In brief, the Board’s proposal would:

• Replace the term “illegal acts” with “noncompliance with laws and regulations” and expressly include fraud, as defined by PCAOB standards, within the definition of noncompliance with laws and regulations.
• Expand the auditor’s obligation to plan and perform audit procedures to (1) identify laws and regulations with which noncompliance could reasonably have a material effect on the financial statements; (2) assess and respond to risks of material misstatement of the financial statements due to noncompliance with those laws and regulations; and (3) identify whether there is information indicating such noncompliance with those laws and regulations has or may have occurred.
• Enhance the auditor’s procedures for obtaining an understanding of the company and the auditor’s risk assessment procedures related to a company’s noncompliance with laws and regulations, and improve identification of noncompliance with laws and regulations, through targeted amendments to AS 2110, Identifying and Assessing Risks of Material Misstatement.
• Enhance the requirements related to the auditor’s evaluation of information related to noncompliance, including evaluating the timeliness and appropriateness of management’s remedial actions.
• Clarify and expand the auditor’s requirements to communicate information indicating noncompliance has or may have occurred to management and the audit committee, including for the auditor to communicate the results of the auditor’s evaluation.
• Align the requirements in the proposed auditing standard with the illegal acts provisions of Section 10A of the Securities Exchange Act of 1934 to help auditors to discharge their obligations under Section 10A.
• Enhance coordination and communications concerning noncompliance when auditor’s specialists or other auditors participate in the audit.  
• Enhance the risk assessment requirements by expanding the sources of information the auditor looks to when assessing risks of material misstatement in the financial statements, through other targeted amendments to AS 2110. 
• Clarify the auditor’s obligations to evaluate the implications for the audit when transactions or relationships with a related party indicate noncompliance has or may have occurred regardless of how the auditor becomes aware of such transactions or relationships (that is, whether or not such transactions or relationships were disclosed by the company to the auditor) through amendments to AS 2410, Related Parties.
• Expand the auditor’s consideration of noncompliance with laws and regulation in reviews of interim financial information by providing specific procedures, including additional inquiries, related to potential noncompliance, through amendments to AS 4105, Reviews of Interim Financial Information.
• Make conforming amendments to other PCAOB auditing standards.

Additional information on the proposal:

• Read the Proposal(PDF)
• News Release: PCAOB Issues Proposal to Increase Auditor Vigilance Against Fraud and Other Forms of Noncompliance With Laws and Regulations
• Docket 051: Amendments to PCAOB Auditing Standards related to a Company’s Noncompliance with Laws and Regulations
• Staff document: Comparison of Proposed AS 2405 with ISA 250 and AU-C Section 250(PDF)

Background

AS 2405 establishes requirements regarding the auditor's consideration of a company's possible illegal acts in an audit of financial statements. While the standard has remained largely unchanged since its issuance in 1988, the following developments have taken place:

• Adoption of the Board's Risk Assessment Standards: AS 2405 predates the adoption of the Board's risk assessment standards and therefore, might need to be modified;
• Companies' Ethics and Compliance Programs: There have been significant changes affecting companies' approaches to complying with applicable laws and regulations, as well as investor expectations; and
• ICFR and Whistleblower Programs: There have also been important statutory developments. As part of the Sarbanes-Oxley Act of 2002, in addition to requiring certain companies and their external auditors to report on the adequacy of the internal control over financial reporting, Congress also required public company audit committees to establish whistleblower programs for submission of anonymous tips and complaints related to accounting, auditing, and internal control matters.

Staff analysis will take into account observations from the Board's oversight activities, audit firms' methodologies, academic research, the activities of other standard setters and regulators, and information from investors and other stakeholders.

Status

The Board issued a proposal for public comment on June 6, 2023.

Resources