Apromore Senior Advisor Nigel Adams shares his views on recent updates in audit liability standards with the amendment to PCAOB Rule 3502, and how process mining and intelligence offers an advanced solution for audit assurance.
While TD Bank’s $3.09 billion fine was grabbing all the compliance headlines last month, an amendment to PCAOB1 Rule 3502 governing contributory liability, approved by the SEC2 in August 2024, has certainly captured U.S. public auditors’ attention. Although audit firms can be held accountable for violations to accounting standards due to negligence, under the original PCAOB Rule 3502, an individual, e.g., an audit professional, can only be held accountable if their conduct was at least reckless, a more stringent standard than negligence. PCAOB’s data suggests that charges were brought against individuals in only 31% of cases where audit firms were sanctioned3. The amendment aims to address this misalignment and changes the individual’s liability standard from recklessness to negligence. For those who rely on the quality and accuracy of audits, such as investors, this is a welcome change that will instill greater trust in financial markets.
However, the PCAOB recognizes “self-protective behavior” as one of the potential unintended consequences of introducing the amendment. In this case the “self-protective behavior” is excessive monitoring and documentation, leading to an inefficient and misplaced allocation of time and resources, potentially impacting the overall quality of the audit.
Excessive monitoring and documentation can lead to inefficient use of time and resources, potentially affecting audit quality.
In the past, providing reasonable assurance that financial statements were free of material misstatement involved trawling through source transactions to ensure the integrity of the accounts dependent on them. It was resource-intensive and sample-based. While electronic audit tools and the use of audit software is speeding up the audit process and reducing the resource intensity, the ability to monitor process compliance in large, complex, client organizations is still challenging, as the TD Bank case demonstrates.
Apromore Compliance Center may be part of the solution. The ability to quickly establish a wide range of standardized controls, which can be tested on the full population of transactional data from a process, can provide both peace of mind for audit professionals and ensure that resources are focused on other matters associated with professional care. The Apromore Compliance Center automatically checks every transaction in the dataset, against every control and all violations are reported, documented, reducing the risk of human error as well as the level of resources required to test. With comprehensive metrics and dashboard capabilities, process audit results are more transparent, and the root cause of violations can be quickly established to provide further insight.
Rather than worrying about monitoring and documenting, auditors can turn their attention to applying professional skepticism and judgement to the Compliance Center’s audit insights when forming their professional opinion.
Learn more about Apromore Compliance Center and product tour here.