Open Board Meeting Re-proposing Auditing Standards Related to the Auditor’s Assessment of and Response to Risk

Statement of PCAOB Board Member Steven B. Harris

December 17, 2009


Thank you, Mr. Chairman. I support the Board’s re-proposing these seven auditing standards related to the auditor’s approach to assessing and responding to audit risk. These standards were initially proposed over a year ago on October 21, 2008. Since that time, the staff has made further refinements, some in response to comments received from 33 letters.

I would like to thank those who took the time to review the proposed standards and provide their thoughtful comments to the Board. This feedback is extremely helpful in the Board’s standard-setting process to ensure that auditing standards drafted – and ultimately adopted – by the Board address the concerns of interested parties and result in improvements in audit quality.

We are re-proposing these standards today, with a comment period of 75 days. I support providing another opportunity for comments, both because of the extent of the revisions and the importance of achieving the right balance between the cost of implementing these standards and the expected benefits.

I particularly want to encourage investors to comment on these re-proposed standards. Only one of the 33 comment letters the Board received on the originally proposed standards was from an investor.

Risk Assessment

Since these standards were first proposed last year, the world has witnessed firsthand the consequences of ineffective risk management. It is clear that the loss of trillions of investors’ dollars was, at least in part, the result of weak or non-existent risk management oversight on the part of management teams and directors in the financial industry.

Risk-taking is inherent in any business, and, therefore, management should be able to identify, understand, and then mitigate those risks. The importance of understanding the level of business risk– whether in the financial sector or any other industry – naturally spills over into audit risk. Every audit has risk – the risk that the auditor will express an inappropriate opinion when the financial statements are materially misstated.

These standards more clearly articulate the auditor’s responsibility to consider business risks as a very important element of audit risk. In other words, these proposed standards now require that the auditor obtain an understanding of the company and its environment in order to evaluate the level of risk of material misstatement in the financial statements. The standards require the auditor to "do the homework" necessary to identify and to assess the risk of error or the risk of fraud in the financial statements.

While sound audit practices do not prevent poor business decision-making by management, in the interest of investor protection it is, nevertheless, a step in the right direction to require the auditor to consider the company objectives and business risks when planning and carrying out the audit.

Consideration of Fraud in the Audit

Another important improvement contained in these proposed standards is the integration of and emphasis on the auditor’s responsibility to consider the risk of fraud throughout the entire audit process. This emphasis on the auditor's consideration of fraud is to prompt auditors to make a more thoughtful and thorough assessment of the risk of fraud and to develop appropriate responses, rather than approaching the assessment of fraud risk as an isolated exercise. The need for this type of integration has been clear based on observations made during our inspections process.

Financial Statement Disclosures

These proposed standards also more effectively address the requirements for the auditor to evaluate the adequacy of financial statement disclosures. While the PCAOB’s interim standards address this area of responsibility, it is to a limited extent. Our inspections process continues to identify concerns that the auditor’s review of disclosures is not always effective, confirming the need to provide more direction in this area. In response, these standards contain new requirements and increased discussion regarding the auditor’s responsibilities for evaluating the adequacy of the financial statement disclosures.

Establishing Materiality

Finally, I would like to highlight that these proposed standards give explicit direction to the auditor that the level of materiality established for the financial statements and particular accounts or disclosures, should be based on quantitative and qualitative facts that would influence “the judgment of a reasonable investor.� This is an important improvement over the interim standards in clearly directing the auditor to consider the needs of the investor.


In sum, these risk assessment standards that we are re-proposing today clearly describe the Board's expectations of what the auditor needs to do when planning and performing an audit based on risk assessment principles. Unique to the PCAOB, the development of these standards has been greatly informed by the findings of our inspections program. While most of the concepts are not new and will be familiar to auditors, they are more concise and better organized than they are in the current PCAOB interim standards. In short, these standards are intended to focus the auditor’s efforts on those areas that have the greatest risk of creating an audit failure.

As I mentioned at the outset, I support re-proposing these risk assessment standards for public comment. Furthermore, I would like to see the Board adopt standards in these areas as soon as possible after the end of the comment period. These standards have been a high priority for the Board for some time now, and the sooner they are adopted, the sooner the quality of audits – and the protection of investors – will be enhanced.

I also join you, Mr. Chairman and the other Board members, in acknowledging the fine work done by Keith Wilson, Bob Burns, and Nina Mojiri-Azad, under the direction of Marty Baumann, in developing these important risk assessment standards.