Consider changes to an auditor's consideration of possible noncompliance with laws and regulations, including how AS 2405, Illegal Acts by Clients, should be revised to integrate a scalable, risk-based approach that takes into account recent developments in corporate governance and internal control practices.



AS 2405 establishes requirements regarding the auditor's consideration of a company's possible illegal acts in an audit of financial statements. While the standard has remained largely unchanged since its issuance in 1988, the following developments have taken place:

  • Adoption of the Board's Risk Assessment Standards: AS 2405 predates the adoption of the Board's risk assessment standards and therefore, might need to be modified;
  • Companies' Ethics and Compliance Programs: There have been significant changes affecting companies' approaches to complying with applicable laws and regulations, as well as investor expectations; and
  • ICFR and Whistleblower Programs: There have also been important statutory developments. As part of the Sarbanes-Oxley Act of 2002, in addition to requiring certain companies and their external auditors to report on the adequacy of the internal control over financial reporting, Congress also required public company audit committees to establish whistleblower programs for submission of anonymous tips and complaints related to accounting, auditing, and internal control matters.

Staff analysis will take into account observations from the Board's oversight activities, audit firms' methodologies, academic research, the activities of other standard setters and regulators, and information from investors and other stakeholders.




The staff is analyzing relevant information and developing a proposal for the Board's consideration.