In this new statement, SEC Chief Accountant Paul Munter—no longer “acting” Chief, he got the job—discusses some of the issues arising out of the increased use by lead auditors of other accounting firms and individual accountants (referred to as “other auditors”) on many issuer audit engagements. While, in this context, much of the responsibility falls on the lead auditors, audit committees also have an important oversight role, and Munter has some useful advice for audit committee members.
Some issues related to the use of other auditors. According to Munter, in 2021, lead auditors used other auditors in 26% of all issuer audit engagements and 57% of large accelerated filer audits. He observes that “recent academic research indicates an inconsistent quality of work performed by other auditors, which is potentially detrimental to investor confidence in the quality of financial information.” Accordingly, the lead auditor, and especially the lead engagement partner, have an important role in providing investor protection “by safeguarding against engagement performance failures due to inadequate planning, supervision, and oversight of other auditors…. [A]dherence to current auditing standards can help prevent the inconsistent audit quality issues that recent academic literature reveals and that we have observed.”
The staff have identified a number of shortcomings in connection with lead auditors’ performance of their responsibilities related to other auditors, including network members. For example, some other auditors have played a “substantial role” in the audit, but were not registered with the PCAOB, a violation of PCAOB rules. PCAOB rules require firms that perform a “substantial role” in the audit of an issuer to be registered with the PCAOB, and, Munter emphasizes, if they are supposed to be registered and are not, the “issuer’s financial statements are considered to be ‘not audited.’” As a consequence, any “accompanying annual report, proxy statement, or registration statement containing or incorporating by reference such financial statements creates potential liabilities for the issuer and others, and may result in time consuming and costly remediation efforts.”
In addition, there have been inaccuracies about other auditors in communications to audit committees and in Form AP filings. Munter advises that, because “audit quality may not be the same in all accounting firms within a network, clear, accurate communication with the audit committee about which firms performed the work and the steps the lead auditor took to drive greater consistency in audit quality throughout the performance of the engagement is critical to the audit committee’s ability to oversee and evaluate the performance of the independent audit firm.”
In addition, SEC and PCAOB staff have noted that some firm quality control systems “fail to provide reasonable assurance that firm personnel, including personnel of other audit firms, were in compliance with applicable professional standards in an audit engagement.” Lead audit firms, Munter advises, should have critical incremental quality control policies and procedures covering supervision and review of other auditors involved in the audit. In addition, some U.S. requirements may not apply in other countries, such as SOX 404, and academic research and PCAOB inspections have found that “execution of audit procedures over internal control over financial reporting is challenging for auditors outside of the U.S., including network-member firms.” Other auditors outside the U.S. may also lack sufficient understanding and controls regarding independence requirements, requiring careful monitoring as part of quality control systems and “proactive measures across the network to identify and monitor foreseeable independence violations under Rule 2-01 of Regulation S‑X.”
Munter advises that, to enhance audit quality and lead auditors’ supervision of the work of other auditors, lead auditors will need to consider the relevant risks and apply the appropriate PCAOB standards. To that end, “it is imperative that the audit firm’s system of quality control is dynamic and robust, consistent with PCAOB’s quality control standards and the Commission’s auditor independence requirements, in order to appropriately identify and assess risks related to involvement of other auditors, including network firms, and design and implement the appropriate responses.”
Good practices for audit committees. Munter has a number of recommendations for audit committees in connection with the lead auditor’s use of other auditors. He advises that audit committees actively engage with the lead auditor regarding “the sufficiency of their quality control system, specifically those policies and procedures around supervision and evaluation of the audit work performed by other auditors. This also includes giving careful consideration to the lead auditor’s use of other auditors, especially in areas of significant risk, and engaging in related dialogue in response to communication requirements.” Under AS 1301, in communicating the overall audit strategy to the audit committee, the auditor “should communicate names, locations, and planned responsibilities of other auditors that perform audit procedures.”
Munter suggests that audit committees consider the following questions for their lead auditors:
- “Are there other participating accounting firms that play a substantial role in the audit?
- If so, are they registered with the PCAOB and subject to PCAOB inspections?
- How does the lead auditor supervise the audit work performed by other auditors?
- How does the lead auditor assure that the work is being performed by other auditors that understand the requirements of the applicable financial reporting framework and the PCAOB’s auditing and related professional standards?”
In light of the consequences of failure to register with the PCAOB when required, Munter stresses that management and audit committees should engage with the auditors regarding the PCAOB registration status of other auditors.