The Public Company Accounting Oversight Board (PCAOB) has published an Information Release1 directed to the audit committees of public companies, including investment companies, to assist them in understanding the PCAOB’s inspections of their audit firms and in gathering useful information from their audit firms about those inspections. The PCAOB believes that information about those inspections can assist audit committees in carrying out their oversight role, and suggests that not all audit committees have been getting all information they might find useful.
PCAOB inspects larger public company audit firms annually and other firms triennially. A key part of that inspection consists of PCAOB staff review of the firm’s audits of selected public companies. These companies are not selected randomly, but because the PCAOB believes their audits present more significant risks of financial reporting misstatements, related auditing challenges and audit deficiencies, and the inspection focuses on those higher-risk portions of the audit. The PCAOB does not inform a company’s management that its audit has been selected for review, nor does it inform the company of any deficiencies that it finds in the audit, although in some cases the PCAOB staff may seek an interview with the chairperson of the audit committee or otherwise seek information from the company.
Confidentiality provisions of the Sarbanes-Oxley Act prevent the PCAOB from publishing all of the criticisms of an audit firm that may result from an inspection, and the PCAOB believes that precludes it from identifying publicly those companies whose audits have been found to be deficient. Nonetheless, the PCAOB publishes certain of that information (after completion of an inspection) on its website as Part I. The public information describes those deficiencies that the PCAOB found for all audits with such deficiencies by company, but the companies are identified only by letter code, and the details are usually so generic that the identity of the company cannot be inferred.2 The PCAOB is not precluded, however, from passing along company-specific information about apparent deficiencies to the Securities and Exchange Commission staff, and it routinely does so.
The release notes that audit firms are not required to disclose any information about an inspection to audit clients, even to a client whose audit has been selected and found to include one or more deficiencies. Audit firms may, however, voluntarily disclose any and all information about an inspection to an audit client, and many firms provide at least some information to audit clients, especially a company whose audit is part of an inspection.3
The release suggests certain questions that an audit committee might usefully put to its audit firm about a PCAOB inspection:
An audit deficiency identified by the PCAOB staff and forwarded by it to the SEC could be the first step on the unhappy road to a restatement, or a finding of a material weakness in internal controls that was not disclosed. For that reason alone, audit committees would do well to keep themselves informed on a reasonably current basis about aspects of the current or latest PCAOB inspection that are relevant to the company’s financial statements and internal controls.
If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers:OBrien-Michael
1 Information for Audit Committees about the PCAOB Inspection Process, Aug. 1, 2012.
2 A Part I for a larger audit firm might describe one or more deficiencies for “Company A” through “Company Z.”
3 The NYSE audit committee rules in effect require committees of NYSE-listed companies to review at least annually a report by the audit firm describing any material issues raised by, among other things, the most recent PCAOB inspection.
This article was originally published by Bingham McCutchen LLP.