Comments from ACCA
ACCA is pleased to provide comments relating to Rulemaking Docket Matter No. 34. Our comments are consistent with those we have recently provided to the International Auditing and Assurance Standards Board (IAASB) on their Consultation Paper Enhancing the Value of Auditor Reporting: Exploring Options for Change. That paper correctly identifies significant trends: the 'modernisation' of disclosures in the financial statements and user interest in disclosures that are arguably not part of the financial statements (or at least which are not addressed by the financial reporting framework). The overarching question is whether such disclosures are understood by users without an expectations gap? Furthermore, is there an appropriate user understanding of the limits of assurance when the subject matter is narrative and unrelated to traditional financial disclosures?
ACCA has been arguing for the past two years that, while the audit is not 'broken' as it adds real value by enhancing trust in financial statements, auditors could do much more. We believe audit needs to evolve to address not just the financial statements but also to give an opinion on more forward-looking, qualitative and non-financial data. There needs to be less focus on out-of-date figures and more on risk information. Nevertheless, the starting point should be improving corporate reporting not just auditor reporting.
We have previously published suggestions as to how the auditor's role and report should be improved and we have recently commissioned associated research to inform the unfolding debate in the European Union. We provide details of those publications in the body of our attached answers to the specific questions posed in the concept release.
Many have suggested that the auditor's report, and in some cases, the auditor's role, should be expanded so that it is more relevant and useful to investors and other users of financial statements.
a. Should the Board undertake a standard-setting initiative to consider improvements to the auditor's reporting model? Why or why not?
Given that the IAASB and others have begun initiatives it seems sensible for the PCAOB to similarly consider improvements to the auditor's reporting model. Such a project should be undertaken in close collaboration with others, however, to ensure that national differences are understood and reconcilable. We caution that, when participating in international initiatives, the PCAOB should recognise that the IAASB has to have considerable regard to the needs of engagements on financial statements for smaller entities.
b. In what ways, if any, could the standard auditor's report or other auditor reporting be improved to provide more relevant and useful information to investors and other users of financial statements?
Explaining better the audit methodology employed may help change user perceptions of audit, but users have different needs and levels of understanding; necessitating different approaches to meet those needs. Audit methodology can be highly complex and clarity of communication to users will be difficult to achieve. Users can always refer to the standards to which the auditor is required to comply and related materials but these extend to many hundreds of pages. It is unlikely, therefore, that any audit report can itself go into sufficient detail on the audit methodology employed to properly inform users. It would be feasible, however, to use the report to communicate what the auditor has done, the major factors considered during the audit and why the auditor has arrived at a particular opinion.
ACCA believes that there should be consideration of incorporating into the standard auditor's report a clear statement of responsibilities for reviewing and/or reporting on companies' risk management and corporate governance arrangements, indeed we have suggested that the auditor should report on an extended audit committee report. We also believe the auditor is well-placed to assess and report on the client's business model, or at least on the financial assumptions underlying that model. We accept that taking on such responsibilities - which would meet demands from users for more useful information from the audit - would require commensurate legal protection for auditors.
Should the Board consider expanding the auditor's role to provide assurance on matters in addition to the financial statements? If so, in what other areas of financial reporting should auditors provide assurance? If not, why not?
There are essentially two ways to bridge the expectations gap: moving the audit closer to the public perception, or changing that perception.
ACCA believes that it is now necessary to undertake an evolution of the auditor's role within the reporting process. The economic crisis has shown that there is still room for improvement within the audit and risk management functions and there is a legitimate debate that should take place about the role of audit, involving all stakeholders in the process. Reporting entities and auditors must pay heed to the deeper and wider needs of stakeholders and hence meet the reasonable demands of the market. All extensions of the auditor role have cost implications and the market would have to be suitably informed in making demands. The starting point should be improving corporate reporting not just auditor reporting.
ACCA is committed to identifying ways of closing the audit expectations gap and we have recently carried out a considerable body of work in response to the challenges presented to the auditing profession by the business environment. As part of ACCA's Accountancy Futures programme, in the year to September 2010 we researched the views of audit committee chairmen and hosted an international series of ten round-table discussions on the value of audit. The report Reshaping the audit for the new global economy presents our findings including those in relation to expanding the scope of the audit.
Within the above programme, during 2011 we would particularly draw attention to The Value of Audit: Views from Retail (Private) Investors audit as perceived by private investors and A Framework for Extended Audit Reporting a report by Maastricht Accounting, Auditing and Information Management Research Center (MARC) of Maastricht University, Netherlands, commissioned by ACCA to examine a possible framework for extended audit reports.
The standard auditor's report on the financial statements contains an opinion about whether the financial statements present fairly, in all material respects, the financial condition, results of operations, and cash flows in conformity with the applicable financial reporting framework. This type of approach to the opinion is sometimes referred to as a "pass/fail model."
Should the auditor's report retain the pass/fail model? If so, why?
Given the widespread support for the direct signalling of the pass/fail model we believe that it should be continued. The PCAOB faces special national circumstances in that the Securities and Exchange Commission does not accept qualified or adverse opinions or disclaimers of opinion.
Such circumstances may fundamentally affect the auditor/auditee interactions concerning identified issues but in the absence of reliable research findings it is not possible to draw informed conclusions as to the effect this might have on the need for change to reporting models; also, as noted in the concept release, 'coordination with the Securities and Exchange Commission ("SEC") would likely be necessary'.
If not, why not, and what changes are needed?
In view of our answer to part (a) of this question, we do not answer part (b).
If the pass/fail model were retained, are there changes to the report or supplemental reporting that would be beneficial? If so, describe such changes or supplemental reporting.
It is important that the auditor continues to have available a means of emphasising matters in the financial statements that are fundamental to users' understanding of the financial statements.
Please refer to our answer to question 1, concerning possible changes to the report or supplemental reporting that would be beneficial.
Some preparers and audit committee members have indicated that additional information about the company's financial statements should be provided by them, not the auditor. Who is most appropriate (e.g., management, the audit committee, or the auditor) to provide additional information regarding the company's financial statements to financial statement users? Provide an explanation as to why.
We believe that it is the role of management and those charged with governance (as appropriate) to provide additional information regarding the company's financial statements to financial statement users.
We are attracted to the model of reporting whereby the audited entity is free to report matters that the auditor has raised with the audit committee / those charged with governance. Auditing standards currently drive auditor communication, but entities may consider that they need the equivalent of financial reporting standards to govern the way in which they report externally, so that there is a degree of consistency and comparability between reporting entities. We fully support the development of such reporting and indeed targeted assurance engagements on it designed to achieve appropriate objectives; as these are more likely to be directly responsive to user needs and the value they place on them (as such assurance may be relatively costly).
Some changes to the standard auditor's report could result in the need for amendments to the report on internal control over financial reporting, as required by Auditing Standard No. 5. If amendments were made to the auditor's report on internal control over financial reporting, what should they be, and why are they necessary?
We recognise that information related to the audit of the company's financial statements discussed in the concept release could also include matters related to the audit of internal control over financial reporting. Unless there was prescribed content relating to the latter, however, we believe that the elements of reporting required by Auditing Standard No. 5 would continue to be relevant whether presented separately or in a combined report. It might be appropriate, therefore, to restrict any changes to standards to those other than Auditing Standard No. 5.
Questions 5 to 32 concerning potential alternatives for changes to the auditor's report
Questions 5 to 32 explore elements of reporting by means of presenting certain alternatives:
Auditor's Discussion and Analysis,
Required and expanded use of emphasis paragraphs,
Auditor assurance on other information outside the financial statements, and Clarification of language in the standard auditor's report.
As the concept release notes, these alternatives are not mutually exclusive, and a revised auditor's report could include one or a combination of these alternatives, elements within the alternatives, or alternatives not currently presented in this concept release. We do not provide views on best presentation as to do so, before knowing what changes are to be made to the individual elements, would be premature. Accordingly, we answer individually below only those questions most relevant to the positions we wish to advocate.
In general, we prefer brevity and simplicity in reporting as both encourage users to read auditors' reports and both facilitate comprehension.
Thus, a primary test for the inclusion of material has to be whether it is sufficiently important to counterbalance the attendant lengthening and complication of the report. We also believe that the overall impact of the report has to be considered even though, for the purposes of the concept release, elements of it are separately discussed.
Question 5 (and 6 to 12)
Should the Board consider an AD&A as an alternative for providing additional information in the auditor's report?
If you support an AD&A as an alternative, provide an explanation as to why.
Do you think an AD&A should comment on the audit, the company's financial statements or both? Provide an explanation as to why. Should the AD&A comment about any other information?
Which types of information in an AD&A would be most relevant and useful in making investment decisions? How would such information be used?
If you do not support an AD&A as an alternative, explain why.
Are there alternatives other than an AD&A where the auditor could comment on the audit, the company's financial statements, or both? What are they?
We do not believe that it is the auditor's role to provide detailed commentary on the financial statements, as management should provide all necessary disclosures. Accordingly, we do not support the concept of an Auditor's Discussion and Analysis which would be regarded mainly as commentary on the financial statements. This perception would persist even if the AD&A included commentary on the audit, or indeed on matters such as the auditor's relevant competencies.
We prefer the model under which the auditor reports to those charged with governance / the audit committee and the latter uses those insights to inform its own reporting in conjunction with the financial statements.
Question 14 (and 13, and 15 to 18)
Should the Board consider a requirement to include areas of emphasis in each audit report, together with related key audit procedures?
If you support required and expanded emphasis paragraphs as an alternative, provide an explanation as to why.
If you do not support required and expanded emphasis paragraphs as an alternative, provide an explanation as to why.
We see considerable difficulty in producing a list of required areas for comment, as circumstances will differ between entities and a one-size-fits-all approach is unlikely to be effective. A principles-based approach would seem to be preferable. We believe that auditors will seek to demonstrate that a consistently rigorous approach has been taken in relation to each area on which they comment. This can result in repetition of disclosures, or at least very similar wording in relation to several commented matters. Moreover, with the expectation of comment, auditors are likely to address more, rather than less, matters, diluting the value of the information for users.
If such statements were to become extensive it would raise concerns over the brevity of reporting and we see, therefore, more scope for informative reporting where the auditor positively wishes to comment. This should continue to be allowed under reporting standards, rather than introduce a required separate section of the report.
Requiring emphasis paragraphs similar to the approach of the French 'justification of the auditor's assessments' is likely to promote the emergence of boilerplate language. This has happened in practice.
Question 19 (and 20)
Should the Board consider auditor assurance on other information outside the financial statements as an alternative for enhancing the auditor's reporting model?
If you support auditor assurance on other information outside the financial statements as an alternative, provide an explanation as to why.
On what information should the auditor provide assurance (e.g., MD&A, earnings releases, non-GAAP information, or other matters)? Provide an explanation as to why.
What level of assurance would be most appropriate for the auditor to provide on information outside the financial statements?
If the auditor were to provide assurance on a portion or portions of the MD&A, what portion or portions would be most appropriate and why?
Would auditor reporting on a portion or portions of the MD&A affect the nature of MD&A disclosures? If so, how?
Are the requirements in the Board's attestation standard, AT sec.701, sufficient to provide the appropriate level of auditor assurance on other information outside the financial statements? If not, what other requirements should be considered?
We believe that a balance must be struck between extending the audit of the financial statements and the provision of assurance on related matters. While ACCA has identified significant demand for change, through the body of work referred to earlier in this response, it is important that sufficient detailed research is carried out to explore the views of preparers, users and auditors to determine the demand and the acceptable cost; as experience has shown that, when cost is fully appreciated, the price to be paid may be considered too high.
When determining the relative priority of options to explore, we caution against focusing on matters close to the area of standard setting for auditors when more valuable progress may be made by working together with others in the financial reporting supply chain.
The concept release presents suggestions on how to clarify the auditor's report in the following areas:
Auditor's responsibility for fraud
Auditor's responsibility for financial statement disclosures
Management's responsibility for the preparation of the financial statements
Auditor's responsibility for information outside the financial statements
Do you believe some or all of these clarifications are appropriate? If so, explain which of these clarifications is appropriate? How should the auditor's report be clarified?
The proposed clarifications may be subdivided into those dealing with what might be regarded as technical terms and those where 'responsibility', a word that takes its normal meaning, is being explained. We are sympathetic to the complaint that certain technical concepts are not understood by report users. Reasonable assurance is not explained by existing reports and we believe it is important that users understand that while the target might be absolute assurance, that is not achievable given the inherent limitations of the financial reporting and auditing processes and the need for timely reporting at a reasonable cost. Because auditing standards merely direct the process there is no direct link to the degree of confidence that a standards-compliant audit should provide. Nevertheless, users are entitled to demand the same level of assurance that financial statements are fairly presented as they demand that the next flight they take will arrive safely. Auditors must not be able to use the concept of reasonable assurance as a shelter against justified criticism of, for example, gathering insufficient evidence or exercising insufficient professional scepticism.
We have never found convincing the argument that mentioning 'independent' in the title of a report communicates sufficiently with users. We are sympathetic to the view that the auditor's report should disclose that the auditor has a responsibility to be independent of the audited entity and has complied with applicable independence requirements of the PCAOB and SEC. Moreover, where there are significant factors concerning independence that ought to be appreciated by users, we would support a requirement that such matters should be disclosed.
It is important that users understand the difference between information that is within the financial statements and is audited and the auditor's responsibilities towards other information. We believe that it would be generally beneficial for auditors to indicate, therefore, the precise scope of their responsibilities regarding 'other information'. This would be particularly important in cases where there are separate opinions on some other matters in addition to the general responsibility to consider other information in relation to the audit of the financial statements.
We discuss management and auditor responsibilities further in our answer to question 21.b below.
Would these potential clarifications serve to enhance the auditor's report and help readers understand the auditor's report and the auditor's responsibilities? Provide an explanation as to why or why not.
There has been academic research on the usefulness of generically-worded paragraphs concerning the responsibilities of management and auditors.
Recitations of the respective responsibilities of the auditor and management can be regarded as communication of their respective roles, but some regard the material as risk management by the auditing profession. We believe that the report of the auditor can best add to user understanding by setting out clearly the scope of the auditor's work. It is important to say what the auditor has done rather than what the auditor has not done. It is important to communicate the auditor's responsibilities precisely rather than make statements about who has assumed other related responsibilities.
What are the potential benefits and shortcomings of providing clarifications of the language in the standard auditor's report?
The benefits of clarifications of the language in the standard auditor's report are that users have an increased understanding of the report and hence greater precision in the extent to which they derive assurance from the audit. However, it is not simply a matter that adding to the standard report increases understanding. A balance must be struck between brevity and the need to include wording to clarify the language in the standard auditor's report. There is also a dilemma because expert users will already understand the matters for which clarification is proposed, whereas other users may find brief explanations insufficient for their purposes. For example, the concept of independence - which is a matter of degree rather than an absolute - is not easily explained.
Would a combination of the alternatives, or certain elements of the alternatives, be more effective in improving auditor communication than any one of the alternatives alone? What are those combinations of alternatives or elements?
As we indicated in our general remarks concerning questions 5 to 32, the way that certain elements are presented or combined is a secondary consideration. Each improvement to the standard auditor's report has to be assessed in relation to the needs of users. Only when that has determined the matters to be included in the report should the best form of presentation be itself decided. Having said that, in view of the different needs of expert and other users (mentioned in our answer to question 22 above) we see some merit in presenting further communications in a manner that clearly indicates their supplementary nature.
What effect would the various alternatives have on audit quality? What is the basis for your view?
We see no causal link between the form of reporting and audit quality. Nevertheless, user perceptions of audit quality may be influenced by the inclusion of wording that better exposes the rigour of the process, the relevance of its outcomes and the competencies and relevant qualities of the auditor.
Should changes to the auditor's reporting model considered by the Board apply equally to all audit reports filed with the SEC, including those filed in connection with the financial statements of public companies, investment companies, investment advisers, brokers and dealers, and others? What would be the effects of applying the alternatives discussed in the concept release to the audit reports for such entities? If audit reports related to certain entities should be excluded from one or more of the alternatives, please explain the basis for such an exclusion.
While the entities referenced in the question differ, they are ones in which there is considerable public interest and hence ones for which improvements in auditor reporting would be most valuable. This is not to say that all reports must be the same as, by promoting a flexible approach by auditors, the PCAOB would encourage tailoring to the particular circumstances rather than the application of perhaps boilerplate wording.
We suggest that some consideration should be given to the potential burden on smaller companies as their relative simplicity means that investors and indeed audit committees have less need of detailed information from auditors.
This concept release describes certain considerations related to changing the auditor's report, such as effects on audit effort, effects on the auditor's relationships, effects on audit committee governance, liability considerations, and confidentiality
Are any of these considerations more important than others? If so, which ones and why?
If changes to the auditor's reporting model increased cost, do you believe the benefits of such changes justify the potential cost? Why or why not?
Are there any other considerations related to changing the auditor's report that this concept release has not addressed? If so, what are these considerations?
We suggest that users of auditor's reports would benefit from increased transparency concerning the auditor, for example by including options to allow the auditor to present appropriate credentials. In several jurisdictions large audit firms are required to adopt publicly visible governance arrangements and publish 'transparency reports' containing information about their governance and capabilities. They are also subject to regulatory review that is in the public domain. User demand for equivalent levels of information might be satisfied in part by the auditor's report but also might require different regulatory action to achieve such transparency.
What requirements and other measures could the PCAOB or others put into place to address the potential effects of these considerations?
We comment on those circumstances where users demand assurance on disclosures related to, but outside, the financial statements. In relation to such matters, the prime movers must necessarily be the users, preparers, regulators and standard setters concerned with the provision of subject matter information that is suitable for assurance.
The PCAOB needs to reach a satisfactory position on standards for assurance / attestation and perhaps related services (and quality control) to support such developments.
The issue of auditor liability must necessarily be resolved in parallel with other actions to develop further reporting of assurance or related services on disclosures related to, but outside, the financial statements.
The concept release discusses the potential effects that providing additional information in the auditor's report could have on relationships among the auditor, management, and the audit committee. If the auditor were to include in the auditor's report information regarding the company's financial statements, what potential effects could that have on the interaction among the auditor, management, and the audit committee?
The answer to this question depends on the nature of the information disclosed by the auditor. We draw a distinction between primary provision of information and auditor commentary on disclosures already made by management. The latter is already familiar, albeit in restricted circumstances, and we do not see that expansion of that would change the interaction between the auditor, management and the audit committee. If auditors were to become primary disclosers, the relationship between the auditor, management and the audit committee would be affected by the blurring of roles and hamper the effectiveness of communication between them. Because the interaction is determined by the primary roles of each participant (which are unchanged), however, we do not see that the potential effects would be overly significant.