Noncompliance with laws and regulations (NOCLAR) pertains to suspected or identified noncompliance, including fraud, by CPAs. How this knowledge or suspicion impacts a current or successor CPA firm within the constraints of the AICPA Code of Professional Conduct confidentiality guidance of ET 1.700, as well as a range of nuanced state laws and regulations pertaining to client/employer confidentiality, has been at the core of the profession’s years-long wrestling with NOCLAR issues.
In March 2021, AICPA’s Professional Ethics Executive Committee (PEEC) and Auditing Standards Board (ASB) issued exposure drafts on NOCLAR considerations. PEEC and ASB have two different goals in their proposals, and the implications will affect all CPAs, particularly those who are in public practice and provide attest services. (Note: The author is a member of the PEEC.)
Having worked on its proposal since 2017 as part of international convergence efforts, PEEC is proposing two interpretations: one to respond to the needs of AICPA members in public practice (target ET Section 1.170.010) and another for members in business (target ET Section 2.170.010). The proposals are generally as follows:
- Make necessary modifications that will enhance clarity through proposed NOCLAR interpretations so as to be relevant to U.S. members of the AICPA.
- Better serve the public interest with the inclusion of “robust guidance” to set forth what a member’s responsibilities are when encountering a NOCLAR situation at a client or where they are employed. (The AICPA Code of Professional Conduct does not currently provide specific guidance for members who encounter or suspect NOCLAR.)
- Establish a general objective for members who encounter a NOCLAR to “alert the appropriate parties to enable a client’s or employing organization’s management and those charged with governance to rectify the NOCLAR, mitigate the effects of the NOCLAR, or deter the commission of the NOCLAR.”1
A NOCLAR can be a commission or an omission, either intentional or unintentional, that is contrary to prevailing laws or regulations and that is committed (or suspected to have been committed) by a client, an employer, or those charged with governance of a client or an employer.
Because of this framework, PEEC bifurcated the guidance for members in public practice, providing separate requirements for members providing financial statement attest services and for members providing services other than financial statement attest services (nonattest services, except those excluded by specific carve-out).2
A member discovering a NOCLAR for a financial statement attest services client will be required to do the following:
- Obtain an understanding of the matter, including the nature of the act and the circumstances surrounding its occurrence.
- Discuss the matter with the appropriate level of management and, if appropriate, those charged with governance.
- Advise the client to take appropriate actions to rectify or remediate the NOCLAR and, where appropriate, disclose the matter to an authority where required by law or regulation.
- Consider withdrawing from the engagement, unless prohibited by law or regulation, if management’s response is not appropriate.
Members providing services other than financial statement attest services would only be required to take the following steps:
- Seek to obtain an understanding of the matter.
- Communicate the matter to the appropriate level of management and those charged with governance if the member has access to them (without having to “advise management to take specified, appropriate, and timely actions”).
They are also encouraged (rather than being required) to document certain aspects of the NOCLAR.
As an option to address suspected or identified fraud or NOCLAR matters, the ASB proposes keeping the revisions to auditing standards generally accepted in the United States (GAAS) fairly narrow, limited to management-authorized communications between predecessor and successor; communication is not required to be made to outside parties.
Understand the following before accepting an engagement:
- The auditor is required to request management to authorize the predecessor auditor to respond fully to the auditor’s inquiries. If management authorizes the predecessor to respond, the auditor is required to inquire of the predecessor regarding suspected or identified fraud or matters involving NOCLAR.
- The predecessor is required to respond fully and to indicate if the response is limited.3
- The auditor should evaluate the predecessor’s response and consider if there is no, or limited, response when determining whether to accept the engagement.
If management does not authorize the predecessor to respond, the auditor is required to inquire about the reasons for management’s “no,” and to consider the implications of refusal in deciding whether to accept the engagement.
To retain the auditor’s professional judgment, the ASB believes the requirement should be to evaluate nonauthorizations by management, and any limited or no responses from the predecessor, as potential concerns that could influence the engagement acceptance process.
So, is the Accounting and Review Services Committee (ARSC) standing on the sidelines? Not necessarily. The PEEC and ASB exposure drafts are open for comment through June 30, 2021. If approved and ratified without modifications, expect the ARSC to undertake an agenda item to consider whether NOCLAR communications could apply in performance standards that currently make communications between successor and predecessor completely optional.
Further, expect to see a number of FAQs developed by PEEC pertaining to NOCLAR and nonattest services. While matters potentially involving NOCLAR could present themselves in the course of providing nonattest services, certainly tax services jump out as vulnerable areas. Accordingly, PEEC gave definitive considerations to IRC Section 7525 and Kovel situations as well.
1 Exposure Draft: Proposed Interpretations and Definition: Responding to Noncompliance with Laws and Regulations.
2 Exclusion carve-outs for litigation or investigation engagements as defined in, and subject to, AICPA’s Statement on Standards for Forensic Services (SSFS) No. 1 (FS Sec. 100).
3 Per the proposed revision to AU-C Section 210, “However, when the predecessor auditor decides, due to impending, threatened, or potential litigation; disciplinary proceedings; or other unusual circumstances, not to fully respond to the auditor’s inquiries, the predecessor auditor should clearly state that the response is limited. Such circumstances are expected to be rare.”
James J. Newhard, CPA, is a sole practitioner in Paoli, a CPE presenter for Kaplan Financial Education, and a past-president of PICPA’s Greater Philadelphia Chapter. He serves on numerous PICPA technical A&A and tax committees, is a member of the Pennsylvania CPA Journal Editorial Board, and serves on AICPA’s PEEC committee. He can be reached at firstname.lastname@example.org or @CatalystJimCPA.