Auditors and Compliance: Part 1 – Auditors and Illegal Activities | Thomas Fox – Compliance Evangelist

When it comes to compliance, one area that requires increased attention is the role of auditors in detecting, assessing and communicating illegal actions. Recently, the PCAOB released a document titled HEADLIGHT Responsibilities of the auditor for the detection, assessment and communication of illegal activities. It outlines the responsibilities of auditors in assessing a company’s compliance with laws and regulations. These responsibilities have far-reaching implications for corporate compliance professionals because they directly influence how auditors evaluate and report potential unlawful acts that may impact financial statements and overall corporate integrity.

I will come back to this in the next blog posts HEADLIGHT. In today’s blog post, we will discuss the auditor’s responsibilities for a compliance program, including the steps to identify illegal acts, the evaluation process, and the requirements for reporting results to management, audit committees, and potentially the SEC. Tomorrow I will share 10 key takeaways for compliance professionals regarding their role in interacting with compliance auditors.

Detection of unlawful activity: A crucial part of the audit process

Auditors must design and implement procedures that provide reasonable assurance in detecting unlawful acts that could materially affect a company’s financial reports. This duty is enshrined in the federal securities laws, particularly Section 10A of the Securities Exchange Act of 1934, which requires auditors to remain vigilant during audits for possible violations of laws and regulations.

Detecting illegal actions is more than just due diligence – it is essential to protecting shareholder interests and maintaining the integrity of financial markets. This highlights the importance of robust systems that actively monitor and report on regulatory compliance across business operations for compliance officers.

Auditors use several techniques and resources to identify potential illegal acts, such as:

• Inquiries – They often begin by interviewing management, the audit committee, and internal or external legal counsel.
• Document review examiners often review board minutes, regulatory correspondence, SEC filings, legal advice letters, and other corporate documents that could reveal legal violations.
• Risk Assessments – Auditors must understand the company’s industry, regulatory environment, and external factors that could indicate legal risks. This assessment helps them target high-risk areas where breaches are more likely.

Auditors also investigate complaints and tips, including from internal whistleblower programs. You can investigate unusual transactions or related party dealings that could indicate red flags. It is critical for compliance professionals to maintain open channels so employees can report concerns without fear of retaliation and to promptly address any issues reported by auditors or internal investigations.

Assessing Potential Illegal Activities: Procedures and Standards

As soon as an auditor becomes aware of a possible illegal activity, he or she must determine whether it could have a material impact on the company’s financial statements. This assessment requires auditors to understand the nature and context of the incident, often involving management and sometimes more senior employees who can provide insight into the situation.

The PCAOB standards and Section 10A require auditors to not only recognize the likelihood that an unlawful act has occurred, but also to evaluate it. This is how they do it:

1. Collect evidence. Auditors can examine relevant documents – such as invoices, contracts and payment records – to verify the facts surrounding the incident. They may also consult legal counsel or officers of the accounting firm for additional perspectives.
2. Materiality assessment. Materiality is a cornerstone when assessing illegal acts. Auditors assess whether the potential breach is serious enough to warrant disclosure, focusing on quantitative and qualitative factors. For example, a small illegal payment may be considered material if it could give rise to contingent liabilities or raise ethical concerns that could affect the company’s reputation.
3. Assessment of the impact on the annual financial statements. Auditors must evaluate how the unlawful act affects the financial statement amounts, including the need for possible contingent liabilities, fines or penalties. If management is involved, this raises additional questions about the reliability of other information provided by the company.

This highlights how important it is for compliance teams to maintain clear documentation and open channels of communication with auditors. Maintaining a well-documented record of internal investigations, responses to auditor inquiries, and corrective actions can help ensure that potential unlawful actions are accurately and comprehensively assessed.

Notification of unlawful acts: disclosure obligations of the auditor

Auditors have special obligations to report illegal activities that they become aware of. The PCAOB and Section 10A establish requirements for notification to management, the audit committee and, in some cases, the SEC. Here’s what companies need to know:

• Communication with management and the audit committee. If an auditor discovers an illegal act, he or she must inform the appropriate management level and ensure that the audit committee is aware of it. This notification must be made as soon as possible before the test report is issued. The aim is to give management and the audit committee the opportunity to take corrective measures and disclose possible impacts to shareholders.
• Reporting to the Board of Directors and the SEC. If the unlawful act is considered material and management fails to take timely and appropriate action, the auditor is required to report to the company’s board of directors. Section 10A requires the auditor to notify the SEC if the board fails to correct the situation within a specified time frame. This move highlights the importance of accountability in corporate governance and compliance as it carries potential regulatory consequences for inaction.
• Effects on the audit opinion. The auditor may express a qualified or adverse opinion if the unlawful act has a material effect on the financial statements and is not adequately disclosed or corrected. In cases where the auditor cannot obtain sufficient evidence to assess the impact of the illegal act, he may even refuse to issue an opinion. In extreme cases, the auditor may consider withdrawing from the engagement if the company does not take appropriate remedial action.

A quick and transparent response to potential legal violations is therefore crucial for companies. Failure to address issues raised by auditors can result in negative audit opinions, regulatory investigations and significant reputational damage.

Strengthen compliance programs to meet auditor needs

The PCAOB’s recent guidance emphasizes the role of robust compliance programs in facilitating audits and managing risks associated with illegal acts. Compliance professionals should take the following steps to align their programs with PCAOB and SEC expectations:

1. Develop clear policies and reporting mechanisms. Make sure your compliance policies explicitly address the legal requirements relevant to your industry and geographic region. Implement reporting mechanisms that allow employees to raise concerns anonymously, fostering a culture of transparency and accountability.
2. Conduct regular risk assessments. Just as auditors assess risks as part of their engagements, compliance teams should regularly assess areas where legal violations may occur. High-risk areas such as financial transactions, related party transactions and regulatory filings should be closely monitored.
3. Offer comprehensive training. Equip your employees with the knowledge they need to recognize and report illegal actions. Incorporate training on whistleblower protection and internal reporting mechanisms to ensure all employees understand their role in adhering to legal and ethical standards.
4. Improve documentation and transparency. Documenting compliance efforts is critical, especially in areas that may be subject to audit scrutiny. Maintain detailed records of internal investigations, management responses to auditor inquiries, and any corrective actions taken to address potential violations.
5. Establish a strong tone at the top. Ultimately, fostering a culture of compliance starts with leadership. Management should demonstrate a clear commitment to legal and ethical standards and provide resources and support to compliance teams. When leadership prioritizes compliance, employees are more likely to report concerns, which can ultimately prevent illegal actions from going undetected.

The way forward

The PCAOBs HEADLIGHT is a valuable checkpoint for companies to assess their internal controls and compliance programs. Auditors play a critical role in detecting illegal activities, but the ultimate responsibility for compliance with the law lies with the company. Companies can navigate this complex landscape and mitigate the risk of material misstatements or regulatory penalties by implementing a strong compliance program, promoting transparency, and responding promptly to auditor inquiries.

The end result? Even under the new second Trump administration, a proactive compliance approach is not simply best practice; It is an essential core of conducting business ethically and legally. Compliance professionals should work closely with auditors to ensure the company is prepared to identify, evaluate and address potential legal issues that could impact financial reporting. The goal is a joint effort in which compliance and audit functions work together to maintain the integrity of financial reports and stakeholder trust.

Join us tomorrow as we discuss the top 10 takeaways for compliance professionals HEADLIGHT.

(View source.)