Catches us up with the status of how CPAs should respond to a client's noncompliance with laws and regulations.
by James J. Newhard, CPA May 26, 2021, 08:47 AM
Noncompliance with laws and regulations (NOCLAR) pertains to suspected or identified noncompliance, including fraud, by CPAs. How this knowledge or suspicion impacts a current or successor CPA firm within the constraints of the AICPA Code of Professional Conduct confidentiality guidance of ET 1.700, as well as a range of nuanced state laws and regulation pertaining to client/employer confidentiality, has been at the core of the profession’s years-long wrestling with NOCLAR issues.
In March 2021, AICPA’s Professional Ethics Executive Committee (PEEC) and Auditing Standards Board (ASB) issued exposure drafts on NOCLAR considerations. PEEC and ASB have two different goals in their proposals, and the implications will affect all CPAs, particularly those who are in public practice and provide attest services. (Note: The author is a member of the PEEC.)
Having worked on its proposal since 2017 as part of international convergence efforts, PEEC is proposing two interpretations: one to respond to the needs of AICPA members in public practice (target ET Section 1.170.010) and another for members in business (target ET Section 2.170.010). The proposals are generally as follows:
A NOCLAR can be a commission or an omission, either intentional or unintentional, that is contrary to prevailing laws or regulations and that is committed (or suspected to have been committed) by a client, an employer, or those charged with governance of a client or an employer.
Because of this framework, PEEC bifurcated the guidance for members in public practice, providing separate requirements for members providing financial statement attest services and for members providing services other than financial statement attest services (nonattest services, except those excluded by specific carve-out).2
A member discovering a NOCLAR for a financial statement attest services client will be required to do the following:
Members providing services other than financial statement attest services would only be required to take the following steps:
They are also encouraged (rather than being required) to document certain aspects of the NOCLAR.
As an option to address suspected or identified fraud or NOCLAR matters, the ASB proposes keeping the revisions to auditing standards generally accepted in the United States (GAAS) fairly narrow to management-authorized communications between predecessor and successor, and is not required to be made to outside parties.
Understand the following before accepting an engagement:
If management does not authorize the predecessor to respond, the auditor is required to inquire about the reasons for management’s “no,” and to consider the implications of refusal in deciding whether to accept the engagement.
To retain the auditor’s professional judgment, the ASB believes the requirement to evaluate nonauthorizations by management, and any limited or no responses from the predecessor, as potential concerns that could influence the engagement acceptance process.
So, is the Accounting and Review Services Committee (ARSC) standing on the sidelines? Not necessarily. The PEEC and ASB exposure drafts are open for comment through June 30, 2021. If approved and ratified without modifications, expect the ARSC to undertake an agenda item to consider whether NOCLAR communications could apply in performance standards that currently make communications between successor and predecessor completely optional.
Further, expect to see a number of FAQs developed by PEEC pertaining to NOCLAR and nonattest services. While matters potentially involving NOCLAR could present themselves in the course of providing nonattest services, certainly tax services jump out as vulnerable areas. Accordingly, PEEC gave definitive considerations to IRC Section 7525 and Kovel situations as well.
1 Exposure Draft: Proposed Interpretations and Definition: Responding to Noncompliance with Laws and Regulations.
2 Exclusion carve-outs for litigation or investigation engagements as defined in, and subject to, AICPA’s Statement on Standards for Forensic Services (SSFS) No. 1 (FS Sec. 100).
3 Per the proposed revision to AU-C Section 210, “However, when the predecessor auditor decides, due to impending, threatened, or potential litigation; disciplinary proceedings; or other unusual circumstances, not to fully respond to the auditor’s inquiries, the predecessor auditor should clearly state that the response is limited. Such circumstances are expected to be rare.”
James J. Newhard, CPA, is a sole practitioner in Paoli, a CPE presenter for Kaplan Financial Education, and a past-president of PICPA’s Greater Philadelphia Chapter. He serves on numerous PICPA technical A&A and tax committees, is a member of the Pennsylvania CPA Journal Editorial Board, and serves on AICPA’s PEEC committee. He can be reached at firstname.lastname@example.org or @CatalystJimCPA.