Friction simmers within the audit industry following the Public Company Accounting Oversight Board’s (PCAOB) controversial June 2023 proposal: Non-Compliance with Laws and Regulations (NOCLAR). While the existing standard – Auditing Standard 2405, "Illegal Acts by Clients” (AS 2405) – focuses on financial misstatements tied to specific laws, NOCLAR demands a broader scope.
Concerns abound over NOCLAR proposal to widen auditor’s duties
Under the new standard, auditors would be required to transform into legal bloodhounds, ferreting out potential violations across the legal landscape, even those with indirect financial impact.
Imagine auditors hunting through the financial statements to uncover a healthcare provider engaging in dubious billing practices, an energy firm skirting environmental regulations, or a technology company violating data privacy laws like GDPR or CCPA resulting in regulatory fines and lawsuits.
These types of findings are the idealistic vision of NOCLAR proponents, particularly investor groups. They argue that NOCLAR empowers auditors to catch misconduct earlier, safeguarding investors from unforeseen losses.
Meanwhile, the audit industry bristles at the proposal, with critics arguing that NOCLAR pushes auditors beyond their core financial expertise and into the murky waters of complex legal matters. They fear audits morphing into expensive, all-encompassing hunts, diverting focus from the critical task of ensuring financial statements’ accuracy. The specter of auditors drowning in legalese and mountains of data looms large, potentially driving companies, especially smaller ones, to seek refuge in private markets to escape the intense scrutiny.
Current standard vs. NOCLAR: Changing the auditor’s role
The key differences between NOCLAR and the existing standard lie in the scope of legal compliance. Under AS 2405, auditors identify violations with a “direct and material effect” on financials.
The new standard casts a much wider net, seeking out any law or regulation that could “reasonably have a material effect,” even an indirect one. NOCLAR potentially expands the audit lens to encompass everything from labor laws to data privacy regulations.
The impact on auditors’ roles is significant, transitioning them to a more proactive stance constantly looking for potential red flags. This need for constant and proactive awareness could involve in-depth employee interviews, meticulous legal document reviews, and even enlisting legal specialists to navigate intricate areas. Communication with management and audit committees would also escalate, with auditors obligated to report potential non-compliance “as soon as practicable.”
PCAOB’s virtual roundtable and public comment
The PCAOB held a virtual roundtable on March 6, 2024, aimed to further gauge public sentiment. While investor groups championed NOCLAR, auditors, and businesses painted a grim picture of skyrocketing costs and strained relationships. During PCAOB’s lengthy public comment period (extended to March 18, 2024), the NOCLAR proposal received an unusually high 183 public comment letters, with nearly 78% opposing it.
Key concerns expressed during the comment period included:
- NOCLAR’s excessive expansion of scope
- Substantial cost increases
- Practical challenges in implementation
- Overreach of auditor responsibilities
During the roundtable, participants reiterated concerns about costs, auditor expertise, liability risks, and potential conflicts with state laws on privilege and confidentiality. Some argued that the proposal represents an overreach by regulators in transforming auditors into quasi-legal enforcement roles, distracting them from core financial statement responsibilities.
In short, while investors support enhancing auditors’ responsibilities around NOCLAR, there is significant pushback from auditors, companies, and legal professionals, who argue the proposal goes too far and could paradoxically undermine audit quality and financial reporting integrity.
What’s next?
The PCAOB is at a crossroads. Do they forge ahead with a potentially flawed proposal, or refine it in an attempt to achieve a delicate balance between investor protection and auditor burden? Their decision will have a ripple effect, shaping the future of financial reporting and the intricate dance between auditors and regulators. As of now, the NOCLAR proposal remains just that – a proposal under active consideration by the PCAOB. No final rules have been adopted yet.
If the PCAOB decides to adopt final NOCLAR rules after reviewing all the feedback received, the next step would be to submit the rules to the Securities and Exchange Commission (SEC) for approval, as required under the Sarbanes-Oxley Act.
The approval process by the SEC could take several months to over a year, depending on the SEC’s workload and whether they have any issues with the final NOCLAR rules proposed by the PCAOB.
Given the extent of opposition and open issues raised during the comment periods and roundtable, it’s likely that the PCAOB may need to substantially revise the original proposal before potentially issuing any final standard. This revision process could further delay the timeline.