PCAOB Considers Revisions to Audit Confirmation Standard

By Tina Chi

The Public Company Accounting Oversight Board April 14 unanimously agreed to issue for public comment a concept release on possible updates to the board's current 15-year old standard on audit confirmations, an auditing practice that might have exposed fraud sooner in some recent high-profile cases if it had been used more extensively.

Audit confirmations are the “process by which an auditor obtains and evaluates a direct communication from a knowledgeable third party in response to a request for information regarding account balances, transactions or other items that comprise a company's financial statements,” according to the board.

“[T]he need for an effective confirmation process was highlighted by the Bernard L. Madoff Investment Securities LLC and Satyam Computer Services Ltd. fraud investigations—and before that, the well-known fraud at the Italian dairy company, Parmalat SpA,” PCAOB member Steven B. Harris said.

“Public commentary on the concept release will assist the board and staff in exploring whether improvements to the current requirements on designing and using confirmations, and on the confirmation process itself, could result in a more consistent and effective application of the standard,” PCAOB Chairman Mark W. Olson said at the meeting.

Revisions to Standard Target Fraud

Audit confirmations emerged as one of the most critical parts of the audit process as early as 1930, when the consequences of inadequate confirmations were first publicized with the McKesson & Robbins Inc. scandal, where the auditor never attempted to authenticate what were ultimately falsified documents, Harris said. With recent fraud cases, auditors failed to authenticate adequately all parties involved in the process of reporting cash and investments, and investors and shareholders paid the greatest price, he said.

“Most of the audit failures I have mentioned involve the lack of confirmations of cash, investments, or other accounts and agreements, such as credit facilities or debt agreements—all of which are not required by the current standard. The current standard only requires the auditor to confirm accounts receivable, with the auditor instructed only to consider the need to confirm complex agreements or transactions,” he said.

“Virtually everyone agrees that the current auditing standard on confirmations should be modernized. It was written in the early 1990s, before technology gave us today's sophistication in security and encryption of e-mail and online transactions,” Harris added.

The board's current standard on audit confirmations, which it incorporated into its standard from standards developed by a previous private-sector body, is numbered AU 330.

At an April 2 meeting, PCAOB Standing Advisory Group members expressed support for the board's view that it may be appropriate to update the standard by clarifying expectations for the audit confirmation process in order to achieve a more consistent and effective application of the standard, Olson said (please see related article in this issue).

“AU 330 is not broken—in fact it is, in my view, basically sound. Confirmation is, however, an audit area in which there is room for improvement,” board member Daniel L. Goelzer said. “I view this proceeding as a step in the review and modernization of all of our interim standards with the goal of making any necessary revisions and then adopting permanent PCAOB auditing standards,” he said.

Technology Issues, Transparency Discussed in Release

The use of a concept release will provide additional transparency to the public, and will allow interested parties to have an early say regarding the board's direction in considering a new standard, Olson said.

“The release is intended to be understandable to general readers. The appendix, on the other hand, is somewhat more granular. It is designed primarily for auditors and seeks to elicit comments regarding technical issues,” Goelzer said.

According to PCAOB Associate Chief Auditor Dee Mirando-Gould, the board is seeking comment on the following audit confirmation topics in its concept release:

• expansion of the definition of audit confirmation;
• inclusion of guidance on complex transactions in regard to requirements for confirmations;
• design of confirmation requests;
• control over confirmation requests;
• reliability of confirmations;
• exceptions on confirmation responses;
• management's requests to forgo confirmations;
• disclaimers and restrictive language in confirmations; and
• negative confirmations.

“It is important today to update the standard on confirmations given the significant advances in technology and methods of communication. This concept release will provide additional transparency to the public and allow for early input regarding the Board's direction in considering a new standard,” Olson said.

The board is seeking input from audit practitioners and financial statement users, and other interested parties. “It is important that the PCAOB also hear from information technology audit and financial reporting specialists in considering the security implications of an electronic confirmation process,” Harris said.