by Glenn Cheney
Build it and they will come. Set higher audit standards, and companies will ask for them. Even if they don’t need to.
In accordance with the Sarbanes-Oxley Act of 2002, the Public Company Accounting Oversight Board is raising the bar for audits of public companies. The new requirements include a whole package of improvements and safeguards, such as concurring reviews, partner rotation, ethics standards and more stringent rules on independence.
The PCAOB’s first (and, so far, only) standard requires that audit reports of public companies include the statement, “We conducted our audits in accordance with the standards of the [PCAOB].”
But what about audits of non-public companies, those that do not issue stock and have nothing to do with either the PCAOB or the Securities and Exchange Commission?
Currently, as in the past, such audits must meet the standards of the American Institute of CPAs’ Auditing Standards Board.
Questions have arisen, however, about audits of board quality that are performed for non-public and not-for-profit companies.
The institute says that such audits ought to be so identified in the audit report, and that the standards of any such audits must meet the requirements of the whole PCAOB system of regulation.
“This is a fundamental shift in the standards that auditors report against,” said AICPA vice president of professional standards and services Arleen Thomas, who issued a paper on the subject to managing partners of audit firms.
“What this paper does is inform our members that if they want to audit a non-public company, and want to do so in accordance with PCAOB standards, they must remember that that includes not only the audit but the standards on attestation, quality control, ethics and independence, because that is a philosophical difference between [the PCAOB] standards and [the AICPA’s].”
Until the creation of the PCAOB and the subsequent promulgation of its interim standards, a CPA’s report for an audit of a company, whether public or non-public, would state that the company had been audited in accordance with generally accepted auditing standards, as represented by the Auditing Standards Board’s statements of auditing standards, which currently number from one through 101.
The AICPA has not finalized reporting guidance for audits of non-public companies that meet all the requirements of the PCAOB, but the institution has determined the wording to describe such audits. The first sentence of the second paragraph of such audit reports should read:
“We conducted our audit in accordance with generally accepted auditing standards as established by the AICPA’s Auditing Standards Board and in accordance with the standards of the Public Company Oversight Board (United States.)”
Keeping up with the Dow Joneses?
Thus far, few private companies are requesting (or are ready for) audits that meet the full set of PCAOB rules. But there are indications that more non-public companies will soon feel compelled to meet the board’s more rigorous standards.
Richard Caturano, president of Boston-based Vitale, Caturano & Co., has already seen a few non-public companies ask for better audits.
“We’re getting a little of this, but not a lot,” Caturano said. “It’s in the not-for-profit area, and in the case of entities which have some kind of public trust requirements or issues — financial institutions for example.”
Caturano said that he expected to see more requests as organizations concerned with public trust seek to protect both their integrity and image.
Trent Gazzaway, Grant Thornton’s national director of corporate governance advisory services, said that his firm has not yet received a request for a full-blown PCAOB-quality audit, but that companies are interested in going in that direction.
“We aren’t getting a lot of requests for audits that would meet the standards of the PCAOB, but we are getting a lot of requests from companies that want us to help them get their controls documented and get them ready so that they could be audited in that format,” Gazzaway said. “There are very few public companies ready for a full-blown audit of internal controls, so there are even fewer private companies interested in an audit of that nature. But we are getting a lot of requests from companies that are saying either, ‘I want to go public’ or ‘I want to get acquired by a public company and I know I’m going to need to have my controls documented.’ In fact, having those controls documented serves in a lot of respects as a reason for someone to pay a premium for the company.”
Nonprofit interest
Gazzaway said that not-for-profit organizations are showing even more interest than private companies. He sees two reasons. One is that the members of the boards of these companies are often on the boards of public companies and would like to see similar controls. The other is that not-for-profits have seen a recent wave of frauds that could have been prevented by more serious internal controls and more stringent audits.
Bob Fleming, director of audit and accounting at Albany-based Urbach, Kahn & Werlin LLP, said that he has yet to see a non-public company request a full PCAOB audit, but he sees things moving in that direction.
“We’ve had a lot of non-public companies wanting to govern themselves under Sarbanes-Oxley, including governments,” Fleming said. “The whole state of New York has a movement toward making independent agencies look more like public companies by having independent boards and requiring auditor rotation and such. We have that going on all over, with governments and not-for-profits. But we have not had any clients ask for [a PCAOB audit].”
Thomas said that the AICPA is going to look at its existing standards, especially Statement 58, to see whether the institute should require a report that refers to a system of regulation akin to the group of requirements that apply to audits of public companies.
“This is a time of an evolving environment,” Thomas said. “Our goal is to provide guidance to our members as new issues arise so that, as they audit non-issuers, they will have the appropriate information.”
