a change in PCAOB standards may pose challenges for auditors

This is an article reprint from the Governance Issues™ Newsletter, Volume 2016, Number 1, published on February 8, 2016.

Conversations on related party relationships and transactions are raging this year within audit firms, audit committees and management groups of public companies, thanks to a relatively new auditing standard. The Public Company Accounting Oversight Board’s (PCAOB or Board) auditing standard number 18 (AS-18) raises the bar for auditors in three critical areas. While this standard has been in effect since 2015, its impact is likely at an all-time high, as external audit firms face another tough round of PCAOB inspections. Whether you are on the audit side or the client side, you are likely to feel the heat from this recent standard. This article addresses the scope, definitions and challenges pertaining to AS-18 for both SEC registrants and their auditors.

Scope

Although AS-18 is largely thought of in terms of related party transactions, the scope covers much more, as it establishes auditing responsibilities for:

  1. Relationships and transactions with related parties
  2. Significant transactions that are outside the normal course of business for the company or that otherwise appear to be unusual due to their timing, size or nature, and
  3. Financial relationships and transactions with executive officers.

Collectively, these three areas are referred to as “the critical areas.” According to the PCAOB’s press release on AS-18, the Board took this action “because these transactions and relationships could pose increased risk of material misstatement in company financial statements.” While these critical areas have long been subject to audit scrutiny, this standard raises the bar for auditors with precise guidance and expectations. The press release quotes PCAOB’s Chief Auditor and Director of Professional Standards, saying “the new performance requirements for auditors are designed to provide a cohesive audit approach to three challenging areas that warrant additional auditor effort and focus.

The PCAOB views the auditor’s efforts for these three critical areas as complementary, since working in one area can easily relate to one or both of the other areas. The essence of AS-18 is to enable the auditor to conclude whether the company has properly identified, accounted for and disclosed relationships and transactions with related parties and executive officers, as well as significant unusual transactions.

AS-18 requires auditors to obtain an understanding of the company’s process, perform inquiries and communicate with the audit engagement team and other auditors. Moreover, the auditor is expected to perform risk assessment procedures required by AS-12 for the critical areas. Additional procedures also kick-in when related party transactions exist, including testing the accuracy and completeness of the relationships and transactions. The auditor must now go further than making some basic inquiries and obtaining management’s representations. Of course, as with all audit standards, the interpretation of the requirements rests on the auditor’s judgment. Simply put, the greater the risk of material misstatement (RMM), the more work effort is expected of the auditor. The increased expectations posed by AS-18, combined with the PCAOB’s tendency to focus on recently issued standards in their inspections, has audit firms laser-focused on related party transactions.

Perhaps the most insightful guidance per AS-18 is Appendix A to Appendix 1 (pages A1-13 through A1-15). This Appendix contains sources of information and examples that may be gathered by the auditor to indicate that related party relationships or transactions exist. It is well worth the effort for both companies and auditors to read and consider these three pages.

Definitions

Be careful with definitions, as “related parties” as defined in U.S. GAAP is different than “related persons” as defined in Item 404(a) of SEC Regulation S-K. Of course, these definitions have two distinct purposes. The first term is for external financial statement purposes. The second term is for disclosure purposes in complying with Item 13, Part III of the Form 10-K, which is often incorporated by reference from the registrant’s proxy statement. Hence, the definition pertinent to AS-18 is contained in the Financial Accounting Standards Board (FASB) Accounting Standards Codification® (ASC), which is the source of U.S. GAAP. Specifically, ASC 850-10-20 defines “related parties” to include:

  1. Affiliates of the entity
  2. Entities for which investments in their equity securities would be required, absent the election of the fair value option under the Fair Value Option Subsection of ASC 825-10-15, to be accounted for by the equity method by the investing entity
  3. Trusts for the benefit of employees, such as pension and profit-sharing trusts that are managed by or under the trusteeship of management
  4. Principal owners of the entity and members of their immediate families
  5. Management of the entity and members of their immediate families
  6. Other parties with which the entity may deal if one party controls or can significantly influence the management or operating policies of the other to an extent that one of the transacting parties might be prevented from fully pursuing its own separate interests
  7. Other parties that can significantly influence the management or operating policies of the transacting parties or that have an ownership interest in one of the transacting parties and can significantly influence the other to an extent that one or more of the transacting parties might be prevented from fully pursuing its own separate interests

This definition heavily hinges on the following terms as also defined by ASC 850-10-20: affiliate, control, immediate family, management and principal owners. Each of these terms, as well as the entire definition, requires careful understanding and attention. It is not uncommon for companies to call upon legal counsel to help ensure that the definition is appropriately applied. A misstep on this front can be a violation of U.S. GAAP. It can also potentially trigger adverse legal actions in the event an investor or creditor felt they were misled due to either a non-disclosure or an incorrect disclosure.

Challenges from the Company’s Perspective

The company’s objective is to have adequately designed internal controls over financial reporting that are operating effectively to reasonably ensure that errors and fraud are prevented and detected for the critical areas. This means that all relationships and transactions with related parties and executive officers, as well as significant unusual transactions, have been identified, accounted for and adequately disclosed in their financial statements.

  • Do we thoroughly understand and utilize the relevant U.S. GAAP definition of related party?
  • Do we have adequate controls to identify, account for and disclose relationships and transactions with related parties and executive officers, as well as significant unusual transactions?
  • Do we incorporate the risks of related parties and unusual transitions, including fraud considerations, into our risk assessment?
  • Have all relationships and transactions with related parties and executive officers, as well as significant unusual transactions, been identified and adequately disclosed?
  • Have we done enough?

Challenges from the Auditor’s Perspective

The auditor’s objective is to obtain sufficient appropriate audit evidence to conclude if all significant relationships and transactions with related parties and executive officers, as well as unusual transactions, have been properly identified, accounted for and disclosed in the audited financial statements.

  • Do we thoroughly understand AS-18?
  • What constitutes “sufficient appropriate audit evidence” as required by the standard and interpreted by the PCAOB?
  • How much risk (inherent and control) has our client taken on, and what is the impact to RMM?
  • Have all significant relationships and transactions with related parties and executive officers, as well as unusual transactions, been identified and adequately disclosed?
  • Did we conduct adequate audit procedures and are they sufficiently documented?

Obviously there are many more considerations in addressing AS-18. However, if auditors and preparers successfully answer these respective questions, they are well on their way in addressing the critical areas of AS-18.


Ron Kral

Ron Kral (CPA, CMA, CGMA), is a partner of Kral Ussery LLC, a public accounting firm delivering advisory services, litigation support and internal auditing to U.S. public and private companies. He is an advisor, trainer and catalyst for companies to protect and grow client shareholder value. Prior to being a founding member of Kral Ussery, he formed Candela Solutions LLC, which is a wholly owned affiliate of Kral Ussery LLC. He has worked with hundreds of clients as a public accountant, many through Big-4 firms.

Ron has a mix of industry and public accounting experience. He was a general manager of a business unit for a multi-billion-dollar technology company traded on the NYSE. Previously, he was a principal consultant with PricewaterhouseCoopers where he led operational audits and internal control projects. He began his public accounting career with a California CPA firm as a financial auditor where he signed audit opinions upon becoming Managing Director of the firm’s Orange County office. Ron launched his career as a performance auditor with the California State Auditor.

Ron is a nationally recognized speaker on accounting matters, auditing standards, controls, fraud, governance, risks, and SEC compliance. He promotes practical approaches with a keen focus on business realities anchored in professional and regulatory standards. Ron is a member of 4 of the 5 COSO sponsoring organizations; the AICPA, FEI, IIA, and IMA. He holds an MBA from Arizona State University and a BBA from the University of Wisconsin, Madison. Ron resides in Las Vegas, Nevada, but travels the US weekly to client locations. He can be reached at [email protected] or www.linkedin.com/in/ronkral.

Related Post