PCAOB Auditing Standards, Not Accounting Standards

The Public Company Accounting Oversight Board (PCAOB) is a nonprofit corporation created by the Sarbanes-Oxley Act of 2002 to oversee the audits of public companies. Its mission is to protect investors and promote the public interest by ensuring the preparation of informative, accurate, and independent audit reports. The PCAOB establishes auditing and professional practice standards for auditors to follow, not the accounting standards that companies use to prepare their financial statements. The Financial Accounting Standards Board (FASB) is responsible for setting those accounting standards, known as Generally Accepted Accounting Principles (GAAP). The PCAOB was a response to major corporate and accounting scandals of the early 2000s, which undermined public trust in financial reporting and the audit profession.

Scope of PCAOB Authority

The PCAOB’s authority extends to “registered public accounting firms” that prepare or issue audit reports for “issuers.” An issuer is a company that has securities traded on a public exchange and is required to file reports with the U.S. Securities and Exchange Commission (SEC). This includes not only U.S.-based companies but also non-U.S. companies that list their securities in the United States. The PCAOB also oversees the audits of broker-dealers registered with the SEC.

To legally perform an audit for an issuer, an accounting firm must register with the PCAOB. This registration subjects the firm, regardless of its size or location, to the PCAOB’s jurisdiction. This means the firm must adhere to the board’s professional practice standards, submit to regular inspections, and cooperate with any potential investigations.

The Rulemaking and Standard-Setting Process

The PCAOB’s standard-setting is a public process that begins when the board identifies a need for a new or amended standard. This need can arise from various sources, including findings from PCAOB inspections, economic research, recommendations from advisory groups, or emerging market issues. Once an issue is prioritized, the PCAOB’s staff develops a formal proposal, which is then released to the public for comment, allowing feedback from investors, audit firms, and public companies.

After analyzing public feedback, the board may adopt a final rule at an open meeting. Under the Sarbanes-Oxley Act, all PCAOB rules and standards must be submitted to the SEC for final approval. The SEC also publishes the proposed rule for public comment before making a final decision. Only after SEC approval do the standards become legally enforceable.

Core Areas of PCAOB Auditing Standards

PCAOB auditing standards cover several core areas that provide a framework for conducting a high-quality audit.

General Principles and Responsibilities

This area covers the obligations and mindset of the auditor. One concept is exercising “due professional care,” which requires the auditor to act with diligence and competence. It also emphasizes “professional skepticism,” meaning auditors must conduct their work with a questioning mind and a critical assessment of audit evidence, not simply accepting management’s explanations. These standards establish ethics and independence rules, prohibiting auditors from having financial interests or certain other relationships with their audit clients to ensure their judgment remains objective.

Audit Planning and Risk Assessment

Auditors are required to gain a deep understanding of the company’s business, its industry, and its internal controls to identify risks that could lead to material misstatements in the financial statements. This involves assessing both inherent risks related to the business and the risk that the company’s controls might fail to prevent or detect an error. This risk-based approach allows auditors to focus their efforts on the areas of the financial statements that are most susceptible to problems.

Auditing Internal Control Over Financial Reporting

A mandate of the Sarbanes-Oxley Act is the requirement for auditors to perform an integrated audit for most public companies. This means the auditor must provide an opinion not only on the financial statements but also on the effectiveness of the company’s internal control over financial reporting (ICFR). Internal controls are the processes implemented by a company to ensure the reliability of its financial reporting. The auditor’s work involves testing these controls to determine if they are designed and operating effectively.

The Auditor’s Report

The auditor’s report is the culmination of the audit and the primary communication from the auditor to investors. The standards dictate the content and format of this report. The report includes the auditor’s opinion on whether the company’s financial statements are presented fairly, in all material respects, in conformity with the applicable financial reporting framework, which is typically GAAP. It also includes the auditor’s opinion on the effectiveness of ICFR and discloses any critical audit matters, which are issues that were particularly challenging or required complex auditor judgment.

Inspections and Enforcement

The PCAOB ensures compliance with its standards through inspections and enforcement. The Division of Registration and Inspections conducts regular reviews of the work performed by registered accounting firms. Firms that audit more than 100 issuers are inspected annually, while those auditing 100 or fewer are inspected at least once every three years. During an inspection, PCAOB staff review selected audit engagements and the firm’s overall system of quality control.

If an inspection reveals potential deficiencies in how an audit was performed or weaknesses in a firm’s quality control system, the PCAOB issues an inspection report. Part I of the report, which describes audit deficiencies, is made public. Part II, which details quality control criticisms, is only made public if the firm fails to remediate the issues to the board’s satisfaction within 12 months.

For more serious violations of PCAOB standards or securities laws, the Division of Enforcement and Investigations can conduct confidential investigations that may involve demanding documents and taking sworn testimony. If a violation is found, the PCAOB can impose disciplinary actions. These may include monetary penalties, requiring changes to a firm’s quality control procedures, or limiting an individual or firm from auditing public companies, either temporarily or permanently.