If the proposed changes to Auditing Standard No. 2 take hold, companies and auditors can take those troublesome catch phrases like “more than remote” and “more than inconsequential” and kiss them goodbye.
Whether anyone will want to embrace the next generation of terminology, however, is still unclear.
Goelzer
Under the reforms proposed last month by the Public Company Accounting Oversight Board, the vague definitions currently in AS2 would be replaced by new ones, such as “reasonable possibility” and “significant,” to give auditors more room to exercise professional judgment about whether a control deficiency exists. That shift, says PCAOB member Daniel Goelzer, would focus auditors on controls that have the greatest potential to prevent and detect misstatements.
“To underscore this point, AS2 terminology like ‘more than remote’ and ‘more than inconsequential’—which apparently confused the message as to the importance of a risk-based approach—has been abolished,” he says.
In its release outlining a proposed rewrite of AS2, the PCAOB proposes three major changes to the language behind describing a significant deficiency or a material weakness and when a company might need to issue a restatement.
First, the definitions of a significant deficiency and a material weakness would replace the phrase “more than remote likelihood” with “reasonable possibility.” The Board says the more-than-remote phrase has caused companies and auditors to interpret a much lower threshold than originally intended.
Second, AS2 says a material weakness is a “significant deficiency, or combination of significant deficiencies, that result in a more than remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected.” The Board’s proposed new definition would replace “significant deficiency” with “a control deficiency, or combination of control deficiencies.”
The Board says auditors have read the definition to mean that they are expected to find all significant deficiencies—rather than only all material weaknesses— during their audit procedures. “The audit of internal control does not require auditors to search for deficiencies that, individually or in combination, are less severe than material weaknesses,” the Board explained in announcing its proposed changes.
DEFINITIONS
Below is an excerpt of the PCAOB's proposed revisions to Auditing Standard No. 2, as they relate to definitions of material weaknesses and control deficiencies.
The evaluation of deficiencies is, inherently, one of the most difficult aspects of an audit of internal control. Given the individual characteristics of each company and each deficiency, any method for evaluating deficiencies will demand a high degree of professional judgment. Commentators have suggested that the definitions of both significant deficiency and material weakness in AS No. 2 are confusing and are contributing to the difficulty of assessing the severity of the deficiencies.
The Board believes that the existing framework in AS No. 2, which describes significant deficiencies and material weaknesses by reference to the likelihood and magnitude of a potential misstatement, is fundamentally sound. At the same time, however, the Board agrees that specific improvements to these definitions would simplify and clarify the standard. As a result, the proposed standard on auditing internal control includes three changes to these definitions:
Replacement of the term "more than remote likelihood" with the term "reasonable possibility"
In defining the terms "significant deficiency" and "material weakness" in AS No. 2, the Board used terms defined in Financial Accounting Standards Board's Statement No. 5, Accounting for Contingencies ("FASB Statement No. 5") to describe the threshold for likelihood of occurrence. The Board chose to use these terms because it believed that auditors and financial statement preparers were already familiar with how to apply them, and the Board expected that their use would promote consistency in the evaluation of deficiencies. FASB Statement No. 5 describes the likelihood of a future event occurring as "probable" "reasonably possible" or "remote" The definitions in AS No. 2 refer to a "more than remote" likelihood of a misstatement occurring. In accordance with FASB Statement No. 5, the likelihood of an event is "more than remote" when it is either "reasonably possible" or "probable."
The Board's monitoring of the implementation of AS No. 2 has shown, however, that some auditors and issuers have misunderstood the term "more than remote" to mean something significantly less likely than a reasonable possibility. This, in turn, may have caused these issuers and auditors to evaluate the likelihood of a misstatement at a much lower threshold than the Board intended. To encourage correct application of the definitions, the proposed standard replaces the reference to "more than remote likelihood" with "reasonable possibility" within the definitions of both material weakness and significant deficiency. To the extent that the term "more than remote" has resulted in auditors and issuers evaluating likelihood at a more stringent level than originally intended, this change should significantly improve the evaluation of deficiencies such that material weaknesses, when they are identified, are indeed the deficiencies that are most important.
Re-articulation of the definition of material weakness to exclude significant
deficiency
AS No. 2 defines a material weakness as "a significant deficiency, or combination of significant deficiencies, that result in a more than remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected." Reference within this definition to significant deficiency has raised concern that auditors may be performing their audits at a level of detail necessary to ensure that their procedures identify all significant deficiencies, rather than only all material weaknesses. The objective of an audit of internal control is to obtain reasonable assurance as to whether material weaknesses exist. The audit of internal control does not require auditors to search for deficiencies that, individually or in combination, are less severe than material weaknesses. To better explain the objective of the audit and minimize confusion, the Board's proposed standard uses the term "a control deficiency, or combination of control deficiencies," in place of the reference to significant deficiencies in the definition of material weakness.
Replacement of the term "more than inconsequential" with the term
"significant"
AS No. 2 defines a significant deficiency as a control deficiency, or combination of control deficiencies, that has a more than remote likelihood of resulting in a misstatement that is more than inconsequential. Several commentators expressed concern that the term "more than inconsequential" has caused companies and auditors to spend excess time identifying, discussing and fixing deficiencies that are not sufficiently important to the company's overall system of internal control. The Board is, therefore, proposing to re-articulate the definition of significant deficiency to better establish the threshold of what the Board believes is important enough to be identified as a significant deficiency. The proposed standard, therefore, replaces the term "more than inconsequential" with the term "significant" and defines "significant" as "less than material yet important enough to merit attention by those responsible for oversight of the company's financial reporting."
Source
Proposed Auditing Standard—An Audit Of Internal Control Over Financial Reporting That Is Integrated With An Audit Of Financial Statements (PCAOB; Dec. 19, 2006)
Third, as for determining a significant deficiency, AS2’s “more than inconsequential” phrase has led companies and auditors to focus on deficiencies “that are not sufficiently important” to the overall control system. As such, the PCAOB proposes replacing more-than-inconsequential with “significant,” and it defines significant as less than material but important enough to merit attention.
Jeffrey Thompson, vice president at the Institute of Management Accountants, calls the new definitions a big improvement. “The terms are much, much clearer and more intuitive to practitioners,” he says. “I would give fairly high marks on the new definitions for material weakness and significant deficiency.”
Kaiser
Gordon Kaiser, a securities attorney with the law firm Squire, Sanders & Dempsey, says the definitions represent a step in the right direction, but notes that auditors are still very wary of their liability in producing a clean audit. That caution is widely cited as a reason that Sarbanes-Oxley compliance costs have been so high.
“There’s no free lunch for the auditors on this,” Kaiser says. “They will continue to be responsible for the judgments they make and need to be sure the circumstances are appropriate for the judgments they make. There’s a tendency for more conservative auditors to not stray far from the language of the rules in making their judgments. The specter of Arthur Andersen [the audit firm that helped hide the Enron fraud] is still pretty close and pretty awful.”
Anand
Sanjay Anand, chairman of the SOX Institute, is equally cautious. “The external audit function is an inherently risk-averse one and therefore it will be difficult, if not impossible, to agree on the line between risk levels, materiality thresholds, and control efficacy,” he says. “This is still subjective and highly dependent upon the quality of the company’s annual evaluation process and its ongoing monitoring activities as well as the competence and objectivity of those performing the work.”
Others are more openly critical. “It looked a bit like rearrangement of the deck chairs to me,” says Mike Tankersley, a securities attorney with the law firm Bracewell & Giuliani. “This is trying to create more of a safe zone to do lighter auditing, but without necessarily relieving the auditors themselves of their concerns about their level of exposure. Auditors have said, ‘Until you give us the leeway to perform a lighter audit, we’re going to do what we have to do.’”
Tankersley
That would mean continued demand for plenty of documentation to support audit conclusions, which drives up audit costs, Tankersley admits. And he says it’s not clear whether auditors will find the leeway in the new language that they are seeking.
“On one level it will help if the Board lowers the bar a little to help auditors establish that they executed reasonable procedures,” he says. “On the other hand, this is done in hindsight, so it remains to be seen whether changes in terminology will give auditors the comfort level to reduce their procedures.”
Selling
Tom Selling, an adviser to the Association of Audit Committee Members and a financial reporting consultant, sees no meaningful change in the definitions, simply clarification of what they were intended to mean. If regulators are serious about reducing excessive auditing—and consequently cutting SOX compliance costs—they should establish thresholds based on numbers, not language, he contends.
“Whatever the terms are, if they want to clarify and simplify, the easiest way to clarify and simplify is to give us a number,” he says. “Business people have been trained for generations to make decisions based on subjective measures of probability. Many of the issues the PCAOB is now addressing could have been avoided if they had expressed the likelihood of a material misstatement as a number instead of using ambiguous terminology.”
Selling acknowledges that regulators want to avoid bright-line rules because they want room to exercise judgment as well. But, he warns, the more vague boundaries of a principled threshold rather than a numerical one could lead to different thresholds for different audits.
“Would it be a different probability threshold for smaller companies [than] for larger one[s]? Absolutely not,” he says. “If that’s the case, why don’t you just give us a number, especially if they’re interested in reducing audit costs? Every auditor is going to argue about what a ‘remote likelihood’ is, whereas no one can argue what 0.4 means.”
Stevens
In an early comment letter to the revised auditing rules, Dennis Stevens, director of internal audit for the Alamo Group, says the new rules will do nothing to resolve audit firms’ concerns about potential liability, which he sees as the root cause of excessive auditing.
Stevens also doubts that the AS2 reforms would achieve the PCAOB’s goal of having auditors tailor their audits to the attributes of individual companies, specifically the smaller, non-accelerated filers that will start to comply with SOX at the end of this year. “These may be laudable objectives, but if achieved they will not change the U.S. litigation environment and they will not reduce the audit firms’ valid concerns about their concomitant risk of liability,” he wrote.
No comments yet