On Monday, the PCAOB adopted two new auditor standards for financial statement auditors: General Responsibilities of the Auditor in Conducting an Audit and A Firm’s System of Quality Control. The timing of these is interesting in light of the SEC’s recent enforcement against BF Borgers CPA PC and its owner, Benjamin F. Borgers, but I suspect that is just coincidence given the PCAOB’s standard setting process. To be clear, these new standards only apply to audits conducted under PCAOB standards – financial statement audits conducted for SEC compliance purposes. Subject to approval by the Securities and Exchange Commission, the new standards and related amendments will take effect for audits of financial statements for fiscal years beginning on or after December 15, 2024.
Even so, nonfinancial auditors could learn and benefit from these new standards. For instance, the new QC standard includes requirements that audit firms:
- Would be required to annually evaluate their QC system and report the results of their evaluation to the PCAOB on new Form QC, which would be certified by key firm personnel to reinforce individual accountability.
- Firms that audit more than 100 issuers annually would be required to establish an external oversight function for the QC system, referred to as an External QC Function (EQCF), composed of one or more persons who can exercise independent judgment related to the firm’s QC system. The EQCF’s responsibilities should include, at a minimum, evaluating the significant judgments made and the related conclusions reached by the firm when evaluating and reporting on the effectiveness of its QC system.
With regard to auditor responsibilities, the new standard reinforces auditor independence requirements and clarifies “that an auditor’s professional skepticism extends beyond the evaluation of the sufficiency and appropriateness of audit evidence.”
Among those facing increased scrutiny, criticism and relationship to “materiality” that would benefit by implementing programs aligned with these standards – industry audit programs supporting corporate ESG initiatives (such as supplier audits) and ESG/social audit firms. Maybe some firms have a regular external review, but I am not aware of them; likewise with industry audit programs. As the third panel of yesterday’s PracticalESG Virtual Event on ESG assurance covered, there are many users of ESG data and assurance – Boards, investors, lenders and in an M&A context. Yet they all have similar expectations of data quality, controls and reliability, making auditor expertise/independence/skepticism, audit rigor and QC processes more important than ever. ESG audit firms that don’t follow established professional standards that are closely aligned with financial auditing standards present risk for themselves as well as their audit clients.
I’ve been through two external program reviews – one as an internal environmental auditor with a large manufacturing company operating under a Department of Justice/EPA Consent Agreement and the other as an external auditor performing Independent Private Sector Audits for conflict minerals reports to the SEC. External audit QC reviews may be a little painful, but they are valuable exercises, greatly increase external confidence in audit quality and results, and reduce risk for auditors and clients.
If you aren’t already subscribed to our complimentary ESG blog, sign up here: https://practicalesg.com/subscribe/ for daily updates delivered right to you.
